Thought Leaders
Editors
Marilyn Cohodas
Marilyn Cohodas
Community Editor, Dark Reading
Kelly Jackson Higgins
Kelly Jackson Higgins
Senior Editor, Dark Reading
Tim Wilson
Tim Wilson
Editor in Chief, Dark Reading
Contributors
Ed Amoroso
Ed Amoroso
Chief Security Officer, AT&T
Charles Babcock
Charles Babcock
Editor At Large, InformationWeek
David Berlind
Chief Content Officer, UBM TechWeb
Rajat Bhargava
Rajat Bhargava
Co-Founder & CEO, JumpCloud
Michael Biddick
Michael Biddick
CEO, Fusion PPT and Contributing Editor
Ellis Booker
Ellis Booker
Technology Journalist
Kate Borten
Kate Borten
President, The Marblehead Group
Jennifer Bosavage
Jennifer Bosavage
Editor In Chief, Solution Providers for Retail
Tom Bowers
Tom Bowers
Principal Security Strategist, ePlus Technologies
Mark Bregman
Mark Bregman
Senior Vice President & Chief Technology Officer, Neustar
John Bumgarner
John Bumgarner
Chief Technology Officer for the U.S. Cyber Consequences Unit
Kristin Burnham
Kristin Burnham
Senior Editor, InformationWeek.com
Craig Carpenter
Craig Carpenter
Chief Cybersecurity Strategist, AccessData
David F Carr
David F Carr
Editor, InformationWeek Healthcare
Pat Carroll
Pat Carroll
Executive Chairman & Founder, ValidSoft
Ericka Chickowski
Ericka Chickowski
Contributing Writer, Dark Reading
Thomas Claburn
Thomas Claburn
Editor-at-Large
Kerstyn Clover
Kerstyn Clover
Attack & Defense Team Consultant
Mark L. Cohn
Mark L. Cohn
Chief Technology Officer, Unisys Federal Systems
Eric Cole
Eric Cole
Founder & Chief Scientist, Secure Anchor Consulting
Bob Covello
Bob Covello
Security Tech Veteran
George Crump
George Crump
President, Storage Switzerland
Andy Daudelin
Andy Daudelin
VP Security Services, AT&T Business Solutions
Michael A. Davis
Michael A. Davis
Contributing Editor
Amy DeCarlo
Amy DeCarlo
Principal Analyst, Security and Data Center Services
Alison Diana
Alison Diana
Senior Editor
Boonsri Dickinson
Boonsri Dickinson
Associate Editor of BYTE
Phil Dunkelberger
Phil Dunkelberger
President & CEO, Nok Nok Labs
Adam Ely
Adam Ely
Network Computing Blogger
Michael Endler
Michael Endler
Associate Editor, InformationWeek.com
Jonathan Feldman
Jonathan Feldman
Contributing Editor
John Foley
John Foley
Editor, InformationWeek
Paige Francis
Paige Francis
CIO for IT, Fairfield University
Mike Fratto
Mike Fratto
Network Computing Editor
Andrew Froehlich
Andrew Froehlich
President & Lead Network Architect, West Gate Networks
Dave Frymier
Dave Frymier
Chief Information Security Officer, Unisys
Lorna Garey
Lorna Garey
Content Director, InformationWeek Reports
Brad Garlinghouse
Brad Garlinghouse
CEO, Hightail
Garret Grajek
Garret Grajek
CTO & COO, SecureAuth
Levi Gundert
Levi Gundert
Technical Lead, Cisco Threat Research, Analysis, and Communications (TRAC)
Malcolm Harkins
Malcolm Harkins
Vice President and Chief Security and Privacy Officer, Intel Corporation
Doug Henschen
Doug Henschen
Executive Editor, InformationWeek
Robert Hinden
Robert Hinden
Check Point Fellow & IPV6 Co-Inventor
J. Nicholas Hoover
J. Nicholas Hoover
Senior Editor, InformationWeek Government
Rick Howard
Rick Howard
CSO, Palo Alto Networks
Ravi Ithal
Ravi Ithal
Chief Architect, Netskope
William Jackson
William Jackson
Technology Writer
Dan Jones
Dan Jones
Mobile Editor
Wyatt Kash
Wyatt Kash
Editor, InformationWeek Government
TK Keanini
TK Keanini
CTO, Lancope
Dave Kearns
Dave Kearns
Analyst, Kuppinger-Cole
Bill Kleyman
Bill Kleyman
National Director of Strategy & Innovation, MTM Technologies
John Klossner
John Klossner
Cartoonist
Marianne Kolbasuk McGee
Marianne Kolbasuk McGee
Senior Writer, InformationWeek
Ray Le Maistre
Ray Le Maistre
Editor-in-chief
Martin Lee
Martin Lee
Technical Lead, Threat Research, Analysis & Communications, Cisco
Robert Lemos
Robert Lemos
Technology Journalist
Pete Lindstrom
Pete Lindstrom
Principal & VP Research, Spire Security
Eric Lundquist
Eric Lundquist
VP & Editorial Analyst for InformationWeek Business Technology Network
Calum MacLeod
Calum MacLeod
VP, EMEA, Lieberman Software
Elena Malykhina
Elena Malykhina
Technology Journalist
Kurt Marko
Kurt Marko
Contributing Editor
Howard Marks
Howard Marks
Network Computing Blogger
Leonard T. Marzigliano
Leonard T. Marzigliano
CISSP-ISSMP, Information Assurance Architect, Defense Logistics Agency
Paul McDougall
Paul McDougall
Editor At Large, InformationWeek
Laurianne McLaughlin
Laurianne McLaughlin
Editor-in-Chief, InformationWeek.com
Michelle McNickle
Michelle McNickle
Associate Editor of InformationWeek Healthcare
Jasmine McTigue
Jasmine McTigue
Principal, McTigue Analytics
Grayson Milbourne
Grayson Milbourne
Director, Security Intelligence, Webroot
Grant Moerschel
Grant Moerschel
Co-Founder, WaveGard
Chris Murphy
Chris Murphy
Editor, InformationWeek
Corey Nachreiner
Corey Nachreiner
Director, Security Strategy & Research, WatchGuard Technologies
Wendy Nather
Wendy Nather
Research Director, Enterprise Security Practice
Fritz Nelson
Fritz Nelson
Vice President, Editorial Director InformationWeek Business Technology Network
Fredrik Nilsson
Fredrik Nilsson
General Manager, Axis Communications, North America
Roma Nowak
Roma Nowak
Sr Director Web Operations & Production
Susan Nunziata
Susan Nunziata
Director of Editorial, Enterprise Efficiency
Thomas Pedersen
Thomas Pedersen
CEO & Founder, OneLogin
John W. Pirc
John W. Pirc
Research Vice President, NSS Labs
Dave Piscitello
Dave Piscitello
VP Security, ICANN
Rob Preston
Rob Preston
VP & Editor in Chief, InformationWeek
Brian Prince
Brian Prince
Contributing Writer, Dark Reading
Tom Quillin
Tom Quillin
Director of Cyber Security Technology & Initiatives, Intel Corporation
Jim Reavis
Jim Reavis
Co-Founder & Executive Director, Cloud Security Alliance
Tim Rohrbaugh
Tim Rohrbaugh
VP Information Security, Intersections Inc.
Mike Rothman
Mike Rothman
Analyst & President, Securosis
Tim Sapio
Tim Sapio
Security Analyst, Bishop Fox
Marcia Savage
Marcia Savage
Managing Editor, Network Computing
John H. Sawyer
John H. Sawyer
Contributing Writer, Dark Reading
Jaeson Schultz
Jaeson Schultz
Threat Research Engineer, Cisco TRAC Team
Nick Selby
Nick Selby
CEO, StreetCred Software, Inc
Shahar Tal
Shahar Tal
Vulnerability & Security Research Manager, Check Point Software Technologies
Bankim Tejani
Bankim Tejani
Senior Security Architect, ServiceMesh
Bala Venkat
Bala Venkat
CMO, Cenzic
Mitch Wagner
Mitch Wagner
California Bureau Chief, Light Reading
Peter Waterhouse
Peter Waterhouse
Senior Technical Marketing Advisor, CA Technologies
Mark Weinstein
Mark Weinstein
Founder & CEO, Sgrouples
Jeff Williams
Jeff Williams
CTO, Contrast Security
Ira Winkler
Ira Winkler
Co-Founder & President, Secure Mentem, Inc.
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-0460
Published: 2014-04-16
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.

CVE-2011-0993
Published: 2014-04-16
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.

CVE-2011-3180
Published: 2014-04-16
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

CVE-2011-4089
Published: 2014-04-16
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

CVE-2011-4192
Published: 2014-04-16
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."

Best of the Web