Endpoint // Authentication
News & Commentary
Internet of Things: Security For A World Of Ubiquitous Computing
Candace Worley, SVP & GM, Endpoint Security, McAfeeCommentary
Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.
By Candace Worley SVP & GM, Endpoint Security, McAfee, 7/21/2014
Comment2 comments  |  Read  |  Post a Comment
Passwords & The Future Of Identity: Payment Networks?
Andre Boysen, EVP, Digital Identity Evangelist, SecureKeyCommentary
The solution to the omnipresent and enduring password problem may be closer than you think.
By Andre Boysen EVP, Digital Identity Evangelist, SecureKey, 7/16/2014
Comment17 comments  |  Read  |  Post a Comment
Payment Card Data Theft: Tips For Small Business
Chris Nutt, Director, Incident Response & Malware, MandiantCommentary
For small businesses looking to reduce their exposure to data theft the good news is the advantage of being small.
By Chris Nutt Director, Incident Response & Malware, Mandiant, 7/15/2014
Comment7 comments  |  Read  |  Post a Comment
While Brazilians Watch World Cup, Bank Fraudsters Are At Work
Sara Peters, News
Passive biometrics allow BioCatch to tell the difference between busy fraudsters and distraught soccer fans.
By Sara Peters , 7/11/2014
Comment8 comments  |  Read  |  Post a Comment
Fake Google Digital Certificates Found & Confiscated
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
A certificate authority in India had issued rogue certificates for some Google domains, the search engine giant discovers.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/9/2014
Comment4 comments  |  Read  |  Post a Comment
Data Security Decisions In A World Without TrueCrypt
Cam Roberson, Director Reseller Channel, Beachhead SolutionsCommentary
The last days of TrueCrypt left many unanswered questions. But one thing is certain: When encryption freeware ends its life abruptly, being a freeloader can get you into a load of trouble.
By Cam Roberson Director Reseller Channel, Beachhead Solutions, 6/18/2014
Comment16 comments  |  Read  |  Post a Comment
TweetDeck Scammers Steal Twitter IDs Via OAuth
Brian Prince, Contributing Writer, Dark ReadingNews
Users who give up their TweetDeck ID are promised 20 followers for free or 100 to 5,000 new followers a day for five days.
By Brian Prince Contributing Writer, Dark Reading, 6/6/2014
Comment4 comments  |  Read  |  Post a Comment
How The Math Of Biometric Authentication Adds Up
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Yes, it's true that if your authentication scheme only allows a single fingerprint you only have 10 choices. But there's no rule that says it has to be one, and only one.
By Dave Kearns Analyst, Kuppinger-Cole, 6/2/2014
Comment12 comments  |  Read  |  Post a Comment
eBay Breach: Is Your Identity Up For Auction?
JD Sherry, VP Technology & Solutions, Trend MicroCommentary
In a sick twist of events, the roles may just have been reversed on eBay users. Its their social media identities and data that now have the greatest value in the cyber underground.
By JD Sherry VP Technology & Solutions, Trend Micro, 5/23/2014
Comment10 comments  |  Read  |  Post a Comment
6 Tips For Securing Social Media In The Workplace
John W. Pirc, Research Vice President, NSS LabsCommentary
Empower employees by training them to be aware and secure, and in how to avoid becoming a statistic.
By John W. Pirc Research Vice President, NSS Labs, 5/20/2014
Comment10 comments  |  Read  |  Post a Comment
Retail Breaches Bolster Interest In NIST Cyber Security Advice
Wyatt Kash, former Editor, InformationWeek GovernmentCommentary
Target data breach highlighted risks in corporate supply chains, and companies are looking to government guidelines for ways to shore up cyber defense, says White House.
By Wyatt Kash former Editor, InformationWeek Government, 5/15/2014
Comment4 comments  |  Read  |  Post a Comment
Breach At Bit.ly Blamed On Offsite Backup Storage Provider
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
URL shortening service says user database may have been compromised through backup data.
By Tim Wilson Editor in Chief, Dark Reading, 5/13/2014
Comment2 comments  |  Read  |  Post a Comment
Deactivated User Accounts Die Hard
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
New research finds deleted Windows accounts stick around for up to 10 hours and are open to abuse.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 5/6/2014
Comment8 comments  |  Read  |  Post a Comment
Defending Against Identity Theft In The Military
Lysa Myers, Security Researcher, ESETCommentary
Our military troops are twice as likely to be victims of identity theft as the general population. The reason is in the structure of military culture.
By Lysa Myers Security Researcher, ESET, 5/5/2014
Comment5 comments  |  Read  |  Post a Comment
Privacy, Cybercrime Headline the Infosecurity Europe Conference
Mathew J. Schwartz,
Attendees debate NSA surveillance, privacy reforms, cybercrime defenses, and sharpen their CISO skills.
By Mathew J. Schwartz , 5/2/2014
Comment6 comments  |  Read  |  Post a Comment
How To Avoid Sloppy Authentication
Garret Grajek, CTO & COO, SecureAuthCommentary
Viewing authentication as a process, not simply as an encryption or algorithm, is the key to defending corporate resources from attacks.
By Garret Grajek CTO & COO, SecureAuth, 5/1/2014
Comment2 comments  |  Read  |  Post a Comment
Heartbleed: A Password Manager Reality Check
Mathew J. Schwartz, News
Is a password manager an effective defense against vulnerabilities like Heartbleed, or just another way to lose data to hackers?
By Mathew J. Schwartz , 4/18/2014
Comment14 comments  |  Read  |  Post a Comment
What Is The FIDO Alliance?
Dark Reading, CommentaryVideo
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
By Dark Reading , 4/2/2014
Comment0 comments  |  Read  |  Post a Comment
Attacks Rise On Network 'Blind' Spot
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Interop speaker says DDoS attacks are not the only forms of abuse on the Domain Name Server.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/27/2014
Comment4 comments  |  Read  |  Post a Comment
Finally, Plug & Play Authentication!
Phil Dunkelberger, President & CEO, Nok Nok LabsCommentaryVideo
FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
By Phil Dunkelberger President & CEO, Nok Nok Labs, 3/26/2014
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.