Operations // Careers & People
News & Commentary
Government Security: Saying 'No' Doesn't Work
Commentary by Steve Jones, Group Strategy Director, Big Data & Analytics, Capgemini, 7/14/2014
It's time for government agencies to move beyond draconian security rules and adopt anomaly analytics.
3 BYOD Risk Prevention Strategies
Commentary by Jim Szafranski, SVP Customer Platform Services, Fiberlink, 7/8/2014
An effective BYOD plan must balance control with convenience. Here's what to keep in mind.
Dark Reading Radio: The Changing Role Of The CSO
Commentary by Marilyn Cohodas, Community Editor, Dark Reading, 7/8/2014
Why does the CSO report to the CIO? Join us for a panel discussion. Showtime is today, Wednesday, 1:00 p.m., New York, 10 a.m., San Francisco.
Why Your Application Security Program May Backfire
Commentary by Jeff Williams, CTO, Contrast Security, 7/2/2014
You have to consider the human factor when you're designing security interventions, because the best intentions can have completely opposite consequences.
Hacker Movies We Love & Hate
By Marilyn Cohodas, Community Editor, Dark Reading, 7/1/2014
Check out Dark Reading community members' favorite hacker movie hits and misses. Then add your picks in the comments section.
3 Mobile Security Tips For SMBs
Commentary by Vijay Basani, Co-Founder, President & CEO, EIQ Networks, 6/27/2014
Everyone in an organization has to work together to combat intrusions and data loss, but this is especially true for small businesses.
Why A Secured Network Is Like The Human Body
Commentary by Dan Ross, CEO & President, Promisec, 6/26/2014
It's time to throw away the analogies about building fortresses and perimeter defenses and start to approach InfoSec with the same standard of care we use for public health.
What Workplace Privacy Will Look Like In 10 Years
Commentary by David Melnick, Founder & CEO, WebLife Balance, 6/19/2014
New laws like Europe's "right to be forgotten" in Google search are just the latest examples of how quickly perceptions and practices about personal privacy in the workplace are changing.
Ending Cybersecurity Labor Shortage Will Take Time
News by Sara Peters, 6/18/2014
Researchers at RAND say the industry has taken the right steps, but there is still a long way to go.
Security Pro File: Spam-Inspired Journey From Physics To Security
News by Kelly Jackson Higgins, Senior Editor, Dark Reading, 6/17/2014
SANS Internet Storm Center director Johannes Ullrich talks threat tracking, spam, physics -- and his pick for the World Cup.
A Roadmap for CIOs & CSOs After the Year of the Mega Breach
Commentary by Sheila B. Jordan, SVP & CIO, Symantec, 6/16/2014
The journey starts with three steps: Engage the C-suite, think like a hacker, and look at the big picture.
Academia: Government's Biggest Cyber Security Ally?
Commentary by W. Hord Tipton, 6/12/2014
Federal cyber security programs need access to fresh talent. They can boost the quality of that talent by bolstering cyber security training in colleges and universities.
Target Hires GM Exec As First CISO
Commentary by Kristin Burnham, Senior Editor, InformationWeek.com, 6/11/2014
Target names Brad Maiorino as its first chief information security officer to oversee the company's security and technology risk strategy.
Don't Let Lousy Teachers Sink Security Awareness
Commentary by Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies, 6/11/2014
You can't fix a human problem with a technology solution. Here are three reasons why user education can work and six tips on how to develop a corporate culture of security.
In Praise Of Shadow IT
Commentary by Eric Zeman, 6/9/2014
80% of those employed by enterprises larger than 1,000 people circumvent IT to use cloud-based tools, new research says. I say let them.
Women in InfoSec: Building Bonds & New Solutions
Commentary by Lysa Myers, Security Researcher, ESET, 6/9/2014
Learning, camaraderie, and fighting the good fight are just three reasons these women are trailblazing careers in InfoSec.
Dark Reading Radio: Breaking the Glass Ceiling in InfoSec
Commentary by Marilyn Cohodas, Community Editor, Dark Reading, 6/6/2014
Join the discussion about the challenges and rewards of being a woman in IT security from the vantage point of three accomplished security professionals. Wednesday, June 11, 2014 at 1:00 p.m. ET
If HTML5 Is The Future, What Happens To Access Control?
Commentary by Garret Grajek, CTO & COO, SecureAuth, 6/5/2014
The solution for multi-device deployment is HTML5. The challenge, for the enterprise, is deploying it correctly. Here are seven tools you will need.
IT Salary Survey 2014: Security
By InformationWeek Staff, 6/2/2014
Security IT professionals are well positioned for future career growth, with many successfully competing for better benefits and higher salaries even in today's tight job market.
Dark Reading Radio: The Real Reason Security Jobs Remain Vacant
Commentary by Sara Peters, 5/27/2014
Join us Wednesday, May 28, at 1:00 p.m. Eastern, to learn why good security staff really are not hard to find, if you know what to look for.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4734
Published: 2014-07-21
Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.

CVE-2014-4960
Published: 2014-07-21
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.

CVE-2014-5016
Published: 2014-07-21
Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to appl...

CVE-2014-5017
Published: 2014-07-21
SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter...

CVE-2014-5018
Published: 2014-07-21
Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.

Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.