About Us
After more nearly three years of reporting and analyzing security vulnerabilities, breaches, and black hat-types, we can guarantee one truth: your data isn't safe. If it isn't threatened by a corporate insider or a blundering user, it's likely been targeted by a botnet, phisher, or organized crime. You need to know what the latest threats are, how they operate, and what they can do to your organization. We're here to help.
Dark Reading was launched in May 2006, incorporating CMP Media's Secure Enterprise and Security Pipeline publications. Our mission is to be the top security news source for enterprise IT and network security professionals, providing the most up-to-date information about products, management strategies, architectures, and security policy. Our goal is to help security professionals manage the balance between two critical, yet often conflicting goals: providing broad access to data to improve business operations; and protecting business data from theft or compromise.
Dark Reading is a security dashboard for IT professionals who don't have the time or the luxury of combing wirefeeds, multiple bug feeds, or vendor Websites to find out what's new or how well it works. Here, readers will get the latest on the security industry from our crack reporting, and also links to the best security content from all across the Web.
In other words, come for the news, but hang around for the analysis, opinion, and product reviews. (Or come back later, when some sales exec isn't bursting an artery in your doorway because a malware attack has slowed orders on the e-commerce server.)
Unlike other security Websites, Dark Reading gives readers breadth and depth. Our specialty is useful information -- as opposed to that other kind: industry arcana that's more nice than necessary to know. On a day-to-day level, that means best practices for security networking, or the benefits and challenges of new technology as described by hands-on researchers who've analyzed the threats and real customers who've slogged through the latest technology deployments. Dark Reading shows readers what the real dangers are -- and what to do about them.
Of course we talk to vendors of hardware, software, and services. We also talk to security researchers, both white hats and black hats. We hope there's something here that everyone can use. But our stories are primarily written for the buyers, managers, and consumers of security technology: Many of our readers are IT professionals with security specialties and CISSP or CISA certifications; CIOs; CTOs; CSOs, CISOs, and CCOs (that's "chief compliance officers"), among others.
As the types of malware continue to increase, data theft and loss become more prevalent, and the specter of internal threats grows larger, IT security ranks among the most serious challenges faced by businesses in any sector. When it comes time to ask the hard questions and make whatever tradeoffs are necessary, Dark Reading helps ensure you'll make smart, informed choices -- about products, management strategies, architecture, and security policy.
That's the best medicine we know for any insecurity.
Corporate Headquarters:
Dark Reading, a TechWeb publication
600 Community Drive
Manhasset, NY 11030
516-562-5000 (phone)
Free Research and Reports
Whitepapers
- Three Principles to Improve Data Security and Compliance
- Aligning IT with strategic business goals: A proactive approach to managing IT risk to your business
- Connecting the Dots: Are You Seeing the Complete Big Data Picture?
- How crowdsourced testing has changed the game for innovative software companies
- Ensuring Your Apps Work in the Real World
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.