Commentary
Latest Content
Page 1 / 2   >   >>
Hacking Back: Two Wrongs Don’t Make A Right
Commentary  |  3/30/2015  | 
Here’s the critical issue: Do you want to risk engaging your company in an ego-fueled war of revenge, or do you want to cut the bad guys off at the pass?
Cyber Hunting: 5 Tips To Bag Your Prey
Commentary  |  3/26/2015  | 
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
The Internet Of Bring-Your-Own Things
Commentary  |  3/25/2015  | 
Devices and interconnected systems are finding a foothold not only in our homes but in mainstream organizations. Here are three tips to mitigate the risk.
Educating The Cyberwarriors Of The Future
Commentary  |  3/24/2015  | 
If I have to choose between hiring a university-educated CompSci grad or an IT specialist strong in sysadmin, networking or programming, I will pick the IT specialist every time.
Context: Finding The Story Inside Your Security Operations Program
Commentary  |  3/23/2015  | 
What’s missing in today’s chaotic, alert-driven incident response queue is the idea of a narrative that provides a detailed understanding of how an attack actually unfolds.
The Clinton Email Kerfuffle & Shadow IT
Commentary  |  3/20/2015  | 
For security pros the issue is not government transparency. It's the fact that users, regardless of seniority, will always pick convenience over security.
Risky Business: Why Monitoring Vulnerability Data Is Never Enough
Commentary  |  3/19/2015  | 
Keeping tabs on open source code used in your organization’s applications and infrastructure is daunting, especially if you are relying solely on manual methods.
The Bot Threat For the Rest of Us: Application-Layer Attacks
Commentary  |  3/18/2015  | 
Bots are getting craftier by the day so you may not even know you have a problem.
The End of Pen Testing As We Know It?
Commentary  |  3/17/2015  | 
It's time to expand the scope of penetration tests beyond the periphery of the enterprise network.
Dark Reading Radio: Security Pros At Risk Of Being Criminalized
Commentary  |  3/16/2015  | 
ICYMI: Check out Dark Reading Radio's recent broadcast and discussion about the pitfalls of new government efforts to fight bad hackers that could ultimately hurt the good guys.
7 Deadly Sins Of Security Policy Change Management
Commentary  |  3/16/2015  | 
Mitigating these deadly sins requires process, visibility and automation. It’s an effort that will improve security and increase business agility.
Has Security Ops Outlived Its Purpose?
Commentary  |  3/13/2015  | 
CISOs will need more than higher headcounts and better automation tools to solve today's security problems.
Deconstructing Threat Models: 3 Tips
Commentary  |  3/12/2015  | 
There is no one-size-fits-all approach for creating cyber threat models. Just be flexible and keep your eye on the who, what, why, how and when.
6 Ways The Sony Hack Changes Everything
Commentary  |  3/11/2015  | 
Security in a post-Sony world means that a company's very survival in the wake of a cyber attack is more of a concern than ever before.
5 Things CISOs Can Learn From The Best GMs In Baseball
Commentary  |  3/10/2015  | 
A MLB team has many goals and objectives: to win, be profitable, have a solid strategy and understand the people whom they serve. Sound familiar?
Second Look: Data Security In A Hybrid Cloud
Commentary  |  3/9/2015  | 
Today’s big cloud providers were built around an architecture for hosting and securing data. They will continue to thrive, only by keeping your workloads safe.
Does Hollywood Have The Answer To The Security Skills Question?
Commentary  |  3/6/2015  | 
The Oscar-winning biopic about famed WWII cryptanalyst Alan Turing -- the father of modern computing -- was long overdue. But a lot more needs to be done to inspire the next generation of computer scientists.
Which Apps Should You Secure First? Wrong Question.
Commentary  |  3/5/2015  | 
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.
A ‘Building Code’ For Internet of Things Security, Privacy
Commentary  |  3/4/2015  | 
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
Compliance & Security: A Race To The Bottom?
Commentary  |  3/3/2015  | 
Compliance is meaningless if organizations don’t use it as a starting point to understand and mitigate risks within their environment.
Why Security Awareness Alone Won’t Stop Hackers
Commentary  |  3/2/2015  | 
End-user training is a noble pursuit but it’s no defense against “low and slow” attacks that take months and years to carry out.
Dark Reading Offers Cyber Security Crash Course At Interop 2015
Commentary  |  3/2/2015  | 
New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.
Cyber Intelligence: Defining What You Know
Commentary  |  2/27/2015  | 
Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.
How To Reduce Spam & Phishing With DMARC
Commentary  |  2/26/2015  | 
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
Customers Aren’t the Only Victims: 5 Stages Of Data Breach Grief
Commentary  |  2/25/2015  | 
What can we learn from organizations that have experienced a data beach? For one thing, infosec teams on the front lines of cyber security are also victims.
From Hacking Systems To Hacking People
Commentary  |  2/24/2015  | 
New low-tech attack methods like ‘visual hacking’ demand an information security environment that values data privacy and a self-policing culture.
Blackhat, The Movie: Good, Bad & Ridiculous
Commentary  |  2/23/2015  | 
It didn’t take home an Oscar, but in some instances Blackhat was right on point. Still, a white-hat hacker with the skills to take out armed opponents?
Who Cares Who’s Behind A Data Breach?
Commentary  |  2/20/2015  | 
Attribution takes a long time, a lot of work, and a healthy dose of luck. But is it worth the effort?
Our Governments Are Making Us More Vulnerable
Commentary  |  2/19/2015  | 
Stuxnet opened Pandora’s box and today state-sponsored cyber security policies continue to put us at risk. Here are three reasons why.
How We Can Prevent Another Anthem Breach
Commentary  |  2/18/2015  | 
Two things could have mitigated the damage and maybe even prevented any loss at all: behavioral analysis and context-aware access control.
How To Get More Involved In The IT Security Community
Commentary  |  2/18/2015  | 
Dark Reading Radio offers tips on how to network with your IT security peers, learn more about the industry and the profession, and participate in community outreach
Why The USA Hacks
Commentary  |  2/17/2015  | 
The U.S. government views cyberspace as just another theater of war akin to air, land and sea, and it operates in the domain for one basic reason: national defense.
Sony Hack: Poster Child For A New Era Of Cyber Attacks
Commentary  |  2/13/2015  | 
What made the Sony breach unique is the combination of four common tactics into a single orchestrated campaign designed to bend a victim to the will of the attackers.
A Winning Strategy: Must Patch, Should Patch, Can't Patch
Commentary  |  2/11/2015  | 
The best way to have a significant impact on your company's security posture is to develop an organized effort for patching vulnerabilities.
How Malware Bypasses Our Most Advanced Security Measures
Commentary  |  2/10/2015  | 
We unpack three common attack vectors and five evasion detection techniques.
Bridging the Cybersecurity Skills Gap: 3 Big Steps
Commentary  |  2/9/2015  | 
The stakes are high. Establishing clear pathways into the industry, standardizing jobs, and assessing skills will require industry-wide consensus and earnest collaboration.
Why Israel Hacks
Commentary  |  2/5/2015  | 
Israel's tenuous position in the world drives its leaders to stay ahead of its cyber adversaries, chief among them the Islamic Republic of Iran.
Shifting Paradigms: The Case for Cyber Counter-Intelligence
Commentary  |  2/4/2015  | 
Cyber Counter-Intelligence and traditional information security share many aspects. But CCI picks up where infosec ends -- with an emphasis on governance, automation, timeliness, and reporting.
Proposed Federal Data Breach Law Is Nice Gesture But No Panacea
Commentary  |  2/3/2015  | 
President Obama’s SOTU proposal demonstrates the growing importance of data protection for individuals but does little to address compliance complexities for business.
How The Skills Shortage Is Killing Defense in Depth
Commentary  |  1/30/2015  | 
It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely “looks nifty, but I don’t have the staff to deploy it.”
Why Iran Hacks
Commentary  |  1/29/2015  | 
Iran is using its increasingly sophisticated cyber capabilities to minimize Western influence and establish itself as the dominant power in the Middle East.
Small Changes Can Make A Big Difference In Tech Diversity
Commentary  |  1/28/2015  | 
There’s no doubt that many employers feel most comfortable hiring people like themselves. But in InfoSec, this approach can lead to stagnation.
WiIl Millennials Be The Death Of Data Security?
Commentary  |  1/27/2015  | 
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
Power Consumption Technology Could Help Enterprises Identify Counterfeit Devices
Commentary  |  1/26/2015  | 
Understanding a device's "power fingerprint" might make it possible to detect security anomalies in Internet of Things as well, startup says
Building A Cybersecurity Program: 3 Tips
Commentary  |  1/26/2015  | 
Getting from “we need” to “we have” a cybersecurity program is an investment in time and resources that’s well worth the effort.
Why Russia Hacks
Commentary  |  1/23/2015  | 
Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.
What Government Can (And Can’t) Do About Cybersecurity
Commentary  |  1/22/2015  | 
In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.
Facebook Messenger: Classically Bad AppSec
Commentary  |  1/21/2015  | 
Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.
Could The Sony Attacks Happen Again? Join The Conversation
Commentary  |  1/21/2015  | 
Check out Dark Reading Radio's interview and live chat with CrowdStrike founder and CEO George Kurtz and Shape Security executive Neal Mueller.
The Truth About Malvertising
Commentary  |  1/16/2015  | 
Malvertising accounts for huge amounts of cyberfraud and identity theft. Yet there is still no consensus on who is responsible for addressing these threats.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6501
Published: 2015-03-30
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_s...

CVE-2014-9209
Published: 2015-03-30
Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE-2014-9652
Published: 2015-03-30
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote atta...

CVE-2014-9653
Published: 2015-03-30
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory ...

CVE-2014-9705
Published: 2015-03-30
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.