After more nearly three years of reporting and analyzing security vulnerabilities, breaches, and black hat-types, we can guarantee one truth: your data isn't safe. If it isn't threatened by a corporate insider or a blundering user, it's likely been targeted by a botnet, phisher, or organized crime. You need to know what the latest threats are, how they operate, and what they can do to your organization. We're here to help.
Dark Reading was launched in May 2006, incorporating CMP Media's Secure Enterprise and Security Pipeline publications. Our mission is to be the top security news source for enterprise IT and network security professionals, providing the most up-to-date information about products, management strategies, architectures, and security policy. Our goal is to help security professionals manage the balance between two critical, yet often conflicting goals: providing broad access to data to improve business operations; and protecting business data from theft or compromise.
Dark Reading is a security dashboard for IT professionals who don't have the time or the luxury of combing wirefeeds, multiple bug feeds, or vendor Websites to find out what's new or how well it works. Here, readers will get the latest on the security industry from our crack reporting, and also links to the best security content from all across the Web.
In other words, come for the news, but hang around for the analysis, opinion, and product reviews. (Or come back later, when some sales exec isn't bursting an artery in your doorway because a malware attack has slowed orders on the e-commerce server.)
Unlike other security Websites, Dark Reading gives readers breadth and depth. Our specialty is useful information -- as opposed to that other kind: industry arcana that's more nice than necessary to know. On a day-to-day level, that means best practices for security networking, or the benefits and challenges of new technology as described by hands-on researchers who've analyzed the threats and real customers who've slogged through the latest technology deployments. Dark Reading shows readers what the real dangers are -- and what to do about them.
Of course we talk to vendors of hardware, software, and services. We also talk to security researchers, both white hats and black hats. We hope there's something here that everyone can use. But our stories are primarily written for the buyers, managers, and consumers of security technology: Many of our readers are IT professionals with security specialties and CISSP or CISA certifications; CIOs; CTOs; CSOs, CISOs, and CCOs (that's "chief compliance officers"), among others.
As the types of malware continue to increase, data theft and loss become more prevalent, and the specter of internal threats grows larger, IT security ranks among the most serious challenges faced by businesses in any sector. When it comes time to ask the hard questions and make whatever tradeoffs are necessary, Dark Reading helps ensure you'll make smart, informed choices -- about products, management strategies, architecture, and security policy.
That's the best medicine we know for any insecurity.
Dark Reading, a TechWeb publication
600 Community Drive
Manhasset, NY 11030
Free Research and Reports
- Forrester Study: The Total Economic Impact of VMware View
- Securing Executives and Highly Sensitive Documents of Corporations Globally
- From Insight to Foresight: Using Business Analytics to Improve Customer Lifetime Value
- Blade Server Strategies: Optimizing the Data Center
- Defense Against the Dark Arts: Finding and Stopping Advanced Threats
Dark Reading Digital Magazine
Quick Wins For Strengthening SMB Security
Time To Set Up That Honeypot
Securing Cisco IP Telephony
Attribution Is Much More Than A Source IP
New CA Group Has Big Names, Small Impact
How To Build An IT Security Budget
5 Approaches To Decaffeinating Java Exploits
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name.
zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable.
LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field.
Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ directory.
yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.