7 Reasons To Love Passwords
DR Radio: A Grown-Up Conversation About Passwords
Data Privacy Etiquette: It's Not Just For Kids
Privacy, Security & The Geography Of Data Protection
InfoSec Book Club: What's On Your Fall Reading List?
News & Commentary
Apple CEO: We Don't Covet Your Data
Thomas Claburn, Editor-at-LargeCommentary
Apple CEO Tim Cook highlights the company's commitment to privacy in an open letter.
By Thomas Claburn Editor-at-Large, 9/18/2014
Comment4 comments  |  Read  |  Post a Comment
5 Ways To Monitor DNS Traffic For Security Threats
Dave Piscitello, VP Security, ICANNCommentary
Check out these examples of how to implement real-time or offline traffic monitoring using common commercial or open source security products.
By Dave Piscitello VP Security, ICANN, 9/18/2014
Comment0 comments  |  Read  |  Post a Comment
Google Backs New Effort To Simplify Security
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
New organization Simply Secure aims to promote and shape more user-friendly security and privacy technologies on the Internet.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/18/2014
Comment9 comments  |  Read  |  Post a Comment
US Military In The Dark On Cyberattacks Against Contractors
Brian Prince, Contributing Writer, Dark ReadingNews
A lack of communication between military contractors and government agencies about Chinese cyber espionage attacks is revealed in a new Senate report.
By Brian Prince Contributing Writer, Dark Reading, 9/18/2014
Comment1 Comment  |  Read  |  Post a Comment
Federal Inaction Breeds ID Theft, Says Frank Abagnale
David F Carr, Editor, InformationWeek Government/HealthcareCommentary
Onetime "Catch Me If You Can" swindler turned anti-fraud consultant says identity theft is "4,000 times easier" than when he was living a life of crime.
By David F Carr Editor, InformationWeek Government/Healthcare, 9/18/2014
Comment1 Comment  |  Read  |  Post a Comment
7 Reasons To Love Passwords
Sara Peters, Senior Editor at Dark Reading
Passwords are often ridiculed, but there are some reasons they should be your nearest and dearest authentication factor.
By Sara Peters Senior Editor at Dark Reading, 9/17/2014
Comment3 comments  |  Read  |  Post a Comment
Cyberspies Resuscitate Citadel Trojan For Petrochemical Attacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The Citadel Trojan is a rare and odd choice of malware for cyber espionage purposes, experts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/17/2014
Comment5 comments  |  Read  |  Post a Comment
Facebook Developing App For Private Sharing
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Facebook's in-development "Moments" app could make sharing with small groups easier. Here's what we know, plus tips to manage friend lists now.
By Kristin Burnham Senior Editor, InformationWeek.com, 9/17/2014
Comment5 comments  |  Read  |  Post a Comment
How To Build Battle-Tested Websites
Joe Masters Emison, CTO, BuildFaxCommentary
It doesn't matter whether your e-commerce D-Day is Black Friday, tax day, or some random Thursday when a post goes viral. Your websites need to be ready.
By Joe Masters Emison CTO, BuildFax, 9/17/2014
Comment0 comments  |  Read  |  Post a Comment
Data Privacy Etiquette: It's Not Just For Kids
Lysa Myers, Security Researcher, ESETCommentary
Children are the innocent victims of the worst effects of social media. Thatís why itís vital for adults to establish privacy values that are safe for them -- and the rest of us.
By Lysa Myers Security Researcher, ESET, 9/17/2014
Comment6 comments  |  Read  |  Post a Comment
Meet The Next Next-Gen Firewall
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Or at least the latest iteration of one of the oldest-running security tools that continues to evolve and transform with the times.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/16/2014
Comment3 comments  |  Read  |  Post a Comment
Browser Vulnerability 'Privacy Disaster' For 3 Of 4 Android Users
Sara Peters, Senior Editor at Dark ReadingQuick Hits
An exploit of an unsupported Android browser bypasses the ever-important Same Origin Policy.
By Sara Peters Senior Editor at Dark Reading, 9/16/2014
Comment1 Comment  |  Read  |  Post a Comment
New CVE Naming Convention Could Break Vulnerability Management
Ericka Chickowski, Contributing Writer, Dark ReadingNews
MITRE sets deadline for releasing new CVEs with different ID format syntax, regardless of how many vulnerabilities we see in 2014.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/16/2014
Comment0 comments  |  Read  |  Post a Comment
DR Radio: A Grown-Up Conversation About Passwords
Sara Peters, Senior Editor at Dark ReadingCommentary
Cormac Herley of Microsoft Research will challenge everything you think you know about password management.
By Sara Peters Senior Editor at Dark Reading, 9/16/2014
Comment4 comments  |  Read  |  Post a Comment
In Defense Of Passwords
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Long live the password (as long as you use it correctly along with something else).
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 9/16/2014
Comment12 comments  |  Read  |  Post a Comment
The Security Skills Shortage No One Talks About
Jeremy Bergsman & Emma Kinnucan, CEBCommentary
Lack of soft skills in information security is an even bigger problem than the shortage of technical expertise.
By Jeremy Bergsman & Emma Kinnucan CEB, 9/16/2014
Comment3 comments  |  Read  |  Post a Comment
Worm Illuminates Potential NAS Nightmare
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A researcher at Black Hat Europe hopes to demonstrate a homegrown, self-replicating worm to illustrate major threats to popular network-attached storage systems.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/15/2014
Comment6 comments  |  Read  |  Post a Comment
Internet Of Things Devices Are Doomed
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Security researchers hack Canon printer firmware to run the classic 90s video game Doom as well as to wreak havoc with other manipulations.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/15/2014
Comment9 comments  |  Read  |  Post a Comment
5 Myths: Why We Are All Data Security Risks
Lance Cottrell, Chief Scientist, NtrepidCommentary
I am absolutely sure that I could be tricked by a well-crafted spear phishing attack, and I am equally sure I could do the same to you.
By Lance Cottrell Chief Scientist, Ntrepid, 9/15/2014
Comment12 comments  |  Read  |  Post a Comment
Security Ops Confidence Levels Drop
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Survey shows most organizations unable to keep up with new and emerging threats from state-sponsored attackers.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/12/2014
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
3 Places to Enable 2-Factor Authentication Now
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Comment1 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
5 Myths: Why We Are All Data Security Risks
Lance Cottrell, Chief Scientist, Ntrepid,  9/15/2014
In Defense Of Passwords
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies,  9/16/2014
Why Email Is Worth Saving
Daniel Ingevaldson, CTO, Easy Solutions,  9/12/2014
Register for Dark Reading Newsletters
Dark Reading Radio
Cartoon
White Papers
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2886
Published: 2014-09-18
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during ins...

CVE-2014-4352
Published: 2014-09-18
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

CVE-2014-4353
Published: 2014-09-18
Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.

CVE-2014-4354
Published: 2014-09-18
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.

CVE-2014-4356
Published: 2014-09-18
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.

Best of the Web
Title Partnerís Role in Perimeter Security
Title Partnerís Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Flash Poll
Video
Slideshows
Twitter Feed