Commentary: Hacked Off
-
Android MDM Fragmentation: Does It Matter?
April 11, 2013
Of all the major mobile operating systems, Android provides the least in terms of mobile security and device management. Google has let its customers down
-
How To Bug Mitch McConnell's Office
April 10, 2013
'Bugging' in the context of politics raises images of burglars messing with telephones and clunky tape recorders in the Oval Office. Now you'd just use malware
-
Office 2003, Windows XP Support Ends In One Year
April 09, 2013
If you're still using Windows XP, then you won't let a little thing like unpatched public vulnerabilities stop you. But many Office 2003 users will be surprised to find themselves cut loose by Microsoft
-
Who Supplies CyberBunker?
March 28, 2013
The hosting company behind CyberBunker, the company allegedly behind the DDoS attacks on Spamhaus, connects to the Internet through other providers. Perhaps the only way to pressure those responsible for the attacks is to put pressure on the upstream providers
-
BlackBerry Balance: The Real Reason To Buy It
March 28, 2013
BlackBerry Z10 is a good phone, but it doesn't get really cool until you use it as both your work and personal phone. BlackBerry 10 has a series of features the company calls "BlackBerry Balance," to make both roles work well and to protect each from the other
-
Follow The Dumb Security Money
March 26, 2013 By Mike Rothman
When security companies raise big funding rounds and spend big bucks at security conferences, be afraid -- very afraid
-
Arguments Against Security Awareness Are Shortsighted
March 25, 2013 By Ira Winkler
A counterpoint to Bruce Schneier's recent post on security awareness training for users
-
Cisco Reports Some IOS Passwords Weakly Hashed
March 20, 2013
Type 4 plain-text user passwords on Cisco IOS and Cisco IOS XE devices are hashed not according to spec, but with no salt and just one SHA-256 iteration. Working around the problem can be clumsy
-
Samsung? BlackBerry? Who Will Win The Containerization Wars?
March 19, 2013
The chaos of multiple container formats won't last
-
On Security Awareness Training
March 19, 2013
The focus on training obscures the failures of security design
-
You've Been Hacked, But For How Long?
March 14, 2013
One of the big themes at the recent RSA Conference was awareness of threats already inside the network. The way you learn about these threats and lower your ‘Mean Time To Know’ (MTTW) about an intrusion is with profile-based network monitoring
-
Samsung Knox Raises Android Security Game
March 11, 2013
Following the BlackBerry announcement of BES 10 as a general-purpose mobile management solution, Samsung has expanded its SAFE program to include EMM features like MAM and business/personal partitioning. These companies are advancing the technology for customers. Where are Microsoft and Apple in this?
-
BlackBerry Can Set EMM Standard With BES 10
March 05, 2013 By Larry Seltzer
The need for the BlackBerry Enterprise Server that's still in almost all large organizations has been declining, but BES 10 changes everything. Instead of being a legacy server to manage legacy phones, BES 10 can be the central console for managing all mobile devices
-
Evernote Resets Everyone's Passwords After Intrusion
March 02, 2013 By Larry Seltzer
After detecting a coordinated intrusion into their network, Evernote forced a system-wide password reset today. The attackers were able to access Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords
-
Open Public Wi-Fi: How To Stay Safe
March 01, 2013 By Larry Seltzer
One day our systems will be built to default always to secure configurations, but we're not there yet
-
The Best Way To Spend Your Security Budget
February 28, 2013 By Larry Seltzer
One SQL injection attack can bring in big bucks. It's a no-brainer that you should make this problem top priority
-
You're A Piece Of Conference Meat
February 24, 2013 By Mike Rothman
Every year folks get hacked off about seeing booth babes at big industry shows. Yet it seems too many don't understand why these ladies are there and how to disrupt these marketing tactics
-
The Road To Hell Is Authenticated By Facebook
February 21, 2013
OAuth allows us to log into many sites using familiar credentials, from Twitter, Facebook, Google or Microsoft. The main author of the original OAuth 1.0 spec says these giants took it and made OAuth 2.0 a monstrous, complex, and insecure mess that has already brought us significant vulnerabilities
-
iPhone Vulnerability: Return Of The Lock Screen Bypass
February 15, 2013 By Larry Seltzer
How do these errors resurface after being fixed? In Apple's case, the problem could be a weakness in their test plans or procedures
-
Security No-Man's Land
January 28, 2013 By Mike Rothman
As the industry descends on the RSA Conference to discuss the latest and greatest in security, the underserved midmarket continues to struggle with basic blocking and tackling. The industry machinery is not built to solve that problem
-
The Only Security Prediction That Matters
December 26, 2012 By Mike Rothman
In this silly season of year-end predictions, we need to collectively revisit the only prediction that will matter next year
-
A Backhanded Thanks
November 25, 2012 By Mike Rothman
As we recover from the Thanksgiving weekend, let's give our brand of security thanks for all the good (and not so good) in our world
-
The Business Of Commercial Exploit Development
November 20, 2012
A closer look at the debate surrounding this market
-
Making Security Trade-Offs
October 25, 2012 By Mike Rothman
Security is all about the trade-offs. You need a consistent method to evaluate risks and assess the pros/cons of each decision
-
The World Ended And No One Noticed
October 02, 2012 By Rich Mogull
Not a single breach among the many in the past two weeks did enough damage to trigger an alarm


