After more nearly three years of reporting and analyzing security vulnerabilities, breaches, and black hat-types, we can guarantee one truth: your data isn't safe. If it isn't threatened by a corporate insider or a blundering user, it's likely been targeted by a botnet, phisher, or organized crime. You need to know what the latest threats are, how they operate, and what they can do to your organization. We're here to help.
Dark Reading was launched in May 2006, incorporating CMP Media's Secure Enterprise and Security Pipeline publications. Our mission is to be the top security news source for enterprise IT and network security professionals, providing the most up-to-date information about products, management strategies, architectures, and security policy. Our goal is to help security professionals manage the balance between two critical, yet often conflicting goals: providing broad access to data to improve business operations; and protecting business data from theft or compromise.
Dark Reading is a security dashboard for IT professionals who don't have the time or the luxury of combing wirefeeds, multiple bug feeds, or vendor Websites to find out what's new or how well it works. Here, readers will get the latest on the security industry from our crack reporting, and also links to the best security content from all across the Web.
In other words, come for the news, but hang around for the analysis, opinion, and product reviews. (Or come back later, when some sales exec isn't bursting an artery in your doorway because a malware attack has slowed orders on the e-commerce server.)
Unlike other security Websites, Dark Reading gives readers breadth and depth. Our specialty is useful information -- as opposed to that other kind: industry arcana that's more nice than necessary to know. On a day-to-day level, that means best practices for security networking, or the benefits and challenges of new technology as described by hands-on researchers who've analyzed the threats and real customers who've slogged through the latest technology deployments. Dark Reading shows readers what the real dangers are -- and what to do about them.
Of course we talk to vendors of hardware, software, and services. We also talk to security researchers, both white hats and black hats. We hope there's something here that everyone can use. But our stories are primarily written for the buyers, managers, and consumers of security technology: Many of our readers are IT professionals with security specialties and CISSP or CISA certifications; CIOs; CTOs; CSOs, CISOs, and CCOs (that's "chief compliance officers"), among others.
As the types of malware continue to increase, data theft and loss become more prevalent, and the specter of internal threats grows larger, IT security ranks among the most serious challenges faced by businesses in any sector. When it comes time to ask the hard questions and make whatever tradeoffs are necessary, Dark Reading helps ensure you'll make smart, informed choices -- about products, management strategies, architecture, and security policy.
That's the best medicine we know for any insecurity.
Dark Reading, a TechWeb publication
600 Community Drive
Manhasset, NY 11030
Free Research and Reports
- Three Principles to Improve Data Security and Compliance
- Aligning IT with strategic business goals: A proactive approach to managing IT risk to your business
- Connecting the Dots: Are You Seeing the Complete Big Data Picture?
- How crowdsourced testing has changed the game for innovative software companies
- Ensuring Your Apps Work in the Real World
- The Language of UX: Beyond Buzzwords -
- Big Data: Architecting Systems at Speed - E2 Conference Boston
- Discover the opportunities and challenges associated with mobile retail - Mobile Commerce World - Mobile Commerce World
- Get practical information on how to develop your organization's mobile commerce application - Mobile Commerce World - Mobile Commerce World
- Mobile Connect - E2 Conference Boston - E2 Conference Boston
Dark Reading Digital Magazine
Time To Set Up That Honeypot
Securing Cisco IP Telephony
Attribution Is Much More Than A Source IP
New CA Group Has Big Names, Small Impact
How To Build An IT Security Budget
5 Approaches To Decaffeinating Java Exploits
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.