Endpoint // Authentication
News & Commentary
UK Reconsidering Biometrics
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Parliament is looking for answers about biometrics' privacy, security, future uses, and whether or not legislation is ready for what comes next.
By Sara Peters Senior Editor at Dark Reading, 8/12/2014
Comment4 comments  |  Read  |  Post a Comment
6 Biometric Factors That Are Working Today
Marilyn Cohodas, Community Editor, Dark Reading
From fingerprints to wearable ECG monitors, there are real options in the market that may relegate the despised password to the dustbin of history.
By Marilyn Cohodas Community Editor, Dark Reading, 8/12/2014
Comment23 comments  |  Read  |  Post a Comment
Biggest Cache of Stolen Creds Ever Includes 1.2 Billion Unique Logins
Sara Peters, Senior Editor at Dark ReadingQuick Hits
A Russian crime ring has swiped more than a billion unique username-password combinations, plus a half-million email addresses.
By Sara Peters Senior Editor at Dark Reading, 8/5/2014
Comment16 comments  |  Read  |  Post a Comment
'Backoff' Malware: Time To Step Up Remote Access Security
Boatner Blankenstein, Senior Director, Solutions Engineering, BomgarCommentary
DHS issues advisory about remote desktop access tools associated with recent point-of-sale breaches.
By Boatner Blankenstein Senior Director, Solutions Engineering, Bomgar, 8/1/2014
Comment9 comments  |  Read  |  Post a Comment
Weak Password Advice From Microsoft
Andrey Dulkin, Senior Director, Cyber Innovation, CyberArkCommentary
Tempting as it may seem to do away with strong passwords for low-risk websites, password reuse is still a significant threat to both users and business.
By Andrey Dulkin Senior Director, Cyber Innovation, CyberArk, 7/28/2014
Comment15 comments  |  Read  |  Post a Comment
Passwords Be Gone! Removing 4 Barriers To Strong Authentication
Phillip M. Dunkelberger, President & CEO, Nok Nok LabsCommentary
As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution.
By Phillip M. Dunkelberger President & CEO, Nok Nok Labs, 7/24/2014
Comment10 comments  |  Read  |  Post a Comment
7 Arrested, 3 More Indicted For Roles In Cyber Fraud Ring That Stung StubHub
Sara Peters, Senior Editor at Dark ReadingNews
Arrests made in New York state, London, Toronto, and Spain for money laundering, grand larceny, and using StubHub customers' credit cards to buy and sell 3,500 e-tickets to prime events.
By Sara Peters Senior Editor at Dark Reading, 7/23/2014
Comment3 comments  |  Read  |  Post a Comment
Internet of Things: Security For A World Of Ubiquitous Computing
Candace Worley, SVP & GM, Endpoint Security, McAfeeCommentary
Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.
By Candace Worley SVP & GM, Endpoint Security, McAfee, 7/21/2014
Comment5 comments  |  Read  |  Post a Comment
Passwords & The Future Of Identity: Payment Networks?
Andre Boysen, EVP, Digital Identity Evangelist, SecureKeyCommentary
The solution to the omnipresent and enduring password problem may be closer than you think.
By Andre Boysen EVP, Digital Identity Evangelist, SecureKey, 7/16/2014
Comment17 comments  |  Read  |  Post a Comment
Payment Card Data Theft: Tips For Small Business
Chris Nutt, Director, Incident Response & Malware, MandiantCommentary
For small businesses looking to reduce their exposure to data theft the good news is the advantage of being small.
By Chris Nutt Director, Incident Response & Malware, Mandiant, 7/15/2014
Comment8 comments  |  Read  |  Post a Comment
While Brazilians Watch World Cup, Bank Fraudsters Are At Work
Sara Peters, Senior Editor at Dark ReadingNews
Passive biometrics allow BioCatch to tell the difference between busy fraudsters and distraught soccer fans.
By Sara Peters Senior Editor at Dark Reading, 7/11/2014
Comment8 comments  |  Read  |  Post a Comment
Fake Google Digital Certificates Found & Confiscated
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A certificate authority in India had issued rogue certificates for some Google domains, the search engine giant discovers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/9/2014
Comment4 comments  |  Read  |  Post a Comment
Data Security Decisions In A World Without TrueCrypt
Cam Roberson, Director Reseller Channel, Beachhead SolutionsCommentary
The last days of TrueCrypt left many unanswered questions. But one thing is certain: When encryption freeware ends its life abruptly, being a freeloader can get you into a load of trouble.
By Cam Roberson Director Reseller Channel, Beachhead Solutions, 6/18/2014
Comment16 comments  |  Read  |  Post a Comment
TweetDeck Scammers Steal Twitter IDs Via OAuth
Brian Prince, Contributing Writer, Dark ReadingNews
Users who give up their TweetDeck ID are promised 20 followers for free or 100 to 5,000 new followers a day for five days.
By Brian Prince Contributing Writer, Dark Reading, 6/6/2014
Comment4 comments  |  Read  |  Post a Comment
How The Math Of Biometric Authentication Adds Up
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Yes, it's true that if your authentication scheme only allows a single fingerprint you only have 10 choices. But there's no rule that says it has to be one, and only one.
By Dave Kearns Analyst, Kuppinger-Cole, 6/2/2014
Comment12 comments  |  Read  |  Post a Comment
eBay Breach: Is Your Identity Up For Auction?
JD Sherry, VP Technology & Solutions, Trend MicroCommentary
In a sick twist of events, the roles may just have been reversed on eBay users. Its their social media identities and data that now have the greatest value in the cyber underground.
By JD Sherry VP Technology & Solutions, Trend Micro, 5/23/2014
Comment10 comments  |  Read  |  Post a Comment
6 Tips For Securing Social Media In The Workplace
John W. Pirc, Research Vice President, NSS LabsCommentary
Empower employees by training them to be aware and secure, and in how to avoid becoming a statistic.
By John W. Pirc Research Vice President, NSS Labs, 5/20/2014
Comment10 comments  |  Read  |  Post a Comment
Retail Breaches Bolster Interest In NIST Cyber Security Advice
Wyatt Kash, former Editor, InformationWeek GovernmentCommentary
Target data breach highlighted risks in corporate supply chains, and companies are looking to government guidelines for ways to shore up cyber defense, says White House.
By Wyatt Kash former Editor, InformationWeek Government, 5/15/2014
Comment4 comments  |  Read  |  Post a Comment
Breach At Bit.ly Blamed On Offsite Backup Storage Provider
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
URL shortening service says user database may have been compromised through backup data.
By Tim Wilson Editor in Chief, Dark Reading, 5/13/2014
Comment2 comments  |  Read  |  Post a Comment
Deactivated User Accounts Die Hard
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
New research finds deleted Windows accounts stick around for up to 10 hours and are open to abuse.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/6/2014
Comment8 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Marilyn Cohodas
Current Conversations #authentication #luddite
In reply to: Better than TouchID?
Post Your Own Reply
More Conversations
Security Insights
3 Places to Enable 2-Factor Authentication Now
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Comment1 comments
Read | Post a Comment
More Sophos Security Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0485
Published: 2014-09-02
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.

CVE-2014-3861
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.

CVE-2014-3862
Published: 2014-09-02
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

CVE-2014-5076
Published: 2014-09-02
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.

CVE-2014-5136
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.