Author
 Sara Peters
Twitter
RSS
E-Mail

Profile of Sara Peters

Senior Editor at Dark Reading
Member Since: 3/12/2014
Author
News & Commentary Posts: 89
Comments: 270

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.

Articles by Sara Peters

Blackshades Boss Pleads Not Guilty

5/30/2014
The BlackShades organization was run like a real business -- salaried staff, detailed customer lists, support teams -- and that was a key factor in both its success and its demise.

Post a Comment

In Support of Poor Ol' Windows Vista

10/13/2009
We just released the October issue of the CSI Alert to CSI members, and this month we focus on Windows 7. This issue is, in some ways, a follow-up to last year's issue, "The Fate of the Secure OS," in which I said some nice things about Windows Vista, and advised it would be imprudent to completely ignore Windows Vista -- eyes-closed, fingers-in-ears, chanting I'm-not-listening-I'm-not-listening.

Post a Comment

How Much Would You Pay To Never Have To Store PII?

9/2/2009
Imagine a world in which you can do all manner of smooth, rich, user-friendly online commerce with mighty security. You can have complete faith in the validity of customers' login credentials and payment data (thereby reducing fraud costs, for starters). You can protect users' privacy...and never need to worry about securely storing -- or even seeing -- customers' credit card data or other legally protected personally identifiable information. Wait 12 to 18 months, and you might just have that.

Post a Comment

UPDATE: BlackHat, Kinda: 'Real' Black Hats Hack Security Experts

7/29/2009
UPDATE: The rumor here is that the attacks did indeed happen, but the significance of it is actually quite small--not worth paying attention to, since attention is clearly what the attackers are seeking. More to come. BlackHat, Kinda: Yesterday a hacking group released details (http://sh0dan.org/zf05.txt) of a number of successful attacks they conducted, apparently with the principal purpose of embarrassing some of the security industry's most wel

Post a Comment

Kantara Initiative: Another Effort To Get Identity 2.0 Out Of The Gate

7/6/2009
We've been saying for a while now that better identity management -- more so than secure Web app coding or even more secure browsers -- could fuel a quantum leap in Web security. The "Identity 2.0" community can be credited with wonderful research and truly significant advancements in identity management technology. In many ways, we're poised for an identity revolution. However, the efforts have been hampered by a lack of public awareness, a lack of interoperable standards, usability concerns, a

Post a Comment

Ruminating on CSI SX

5/20/2009
Citizens of the Information Security Nation, to you I say Classify and inventory your data and assets! Tedium? Odium? Delirium? Yes, probably all three. But worth the trouble.

Post a Comment

Tippett To Discuss Verizon Breach Report

5/14/2009
Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.

Post a Comment

SIEM Case Study: Israeli e-government ISP

5/12/2009
Want a case study on the slings and arrows of outrageous SIEM implementation? Sure you do. (Really. You do. Trust me on this one.) Assaf Keren, information security manager at the Israeli e-government recently briefed me on the challenges and lessons he is learning whilst implementing a SIEM center in the Israeli e-government ISP Project (called "Tehila")--a topic he first told us about during the SIEM Summit at the CSI Annual 2008 conf

Post a Comment

Could Slimmer OSes Lead To Better Mobile Device Security?

2/10/2009
Maybe I'm stretching a bit, but let's say that operating system developers slimmed down their standard OSes enough so that eventually they'd be skinny enough to have a career in fashion and, more important, run on mobile devices. And, if so, would this be a good thing for mobile device security?

Post a Comment

My (Tentative) Wish List For A Better Secure Browser

10/14/2008
Web browsers are where the client machine rubber meets the Web server road. So it stands to reason that strong Web browser security is paramount -- far more effective than relying on thousands of Web application/plug-in developers to write more secure code. There are definitely some browser developers that are making strides in the right directions, but none of them are quite there yet. I'm still thinking through this, but if I were writing my wish list for a more secure Web browser today (and,

Post a Comment

Ignoring Vista Entirely Is Shortsighted

10/6/2008
Maine's skipping Vista, and I'm skipping like a broken record. The government of the state of Maine has joined the burgeoning group of organizations planning to sidestep Windows Vista and go straight from Windows XP to Windows 7. I continue to say that completely ignoring Vista is a shortsighted decision that may cause both usability and security troubles not too far down the l

Post a Comment

Can You Prove Compliance In The Cloud?

9/30/2008
Whether you're in the midst of an audit or a forensic investigation, thorough logs are the key to proving compliance with security regulations. So how do you prove your organization is/was compliant when you aren't able to maintain logs? This is the nagging question that gnaws hungrily at my weary brain every time I ponder cloud computing.

Post a Comment
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3352
Published: 2014-08-30
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh...

CVE-2014-3908
Published: 2014-08-30
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2010-5110
Published: 2014-08-29
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

CVE-2012-1503
Published: 2014-08-29
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

CVE-2013-5467
Published: 2014-08-29
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM)...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.