Commentary
-
Featured Commentary
-
Much Ado About PushDo
We don't need a stretcher -- we need a mop
-
Rethinking Identity Management
By Tim Wilson
Secret identities are a good thing. Multiple identities? Not so much
-
Security War Games
By David Schwartzberg, Sophos
Information security keeps evolving, but our educational methods are not evolving rapidly enough to win the cold cyberwar
-
Why Database Monitoring?
By Adrian Lane
Hoping other people detect your breach before you lose millions is not a good strategy
-
Use A Human Trust Model For Endpoints
Use anthropomorphic references to engage your brain and strengthen your approach to security
-
I Think We're All Botnets On This Bus
By Wendy Nather
How many undercover researchers can fit under one cover?
-
Five Questions To Ask When Choosing A Threat Intelligence Service
By Tim Wilson
Threat intelligence services are becoming an essential weapon in the enterprise security arsenal. Do you know how to choose one?
-
Panic Now
There is a big difference between panic and anxiety
-
Security Minor Leagues
By Mike Rothman
The security skills gap continues to expand as more companies realize what they need and, more importantly, what they don't have. We need a security minor league system to meet the demand
-
La Vie En ROSI
By Wendy Nather
Return on security investment may be slightly less mythical than you think
-
Dark Reading's Seven-Year Itch
By Tim Wilson
After seven years of covering the security industry, Dark Reading is just getting started
-
Exploit Devs At Risk: The Nuclear Scientists Of The Next Decade?
By Tom Parker
Will a nation's exploit developers become the potential targets of state-sponsored assassinations in the future, much like the nuclear scientists of the past century?
-
Big Data Makes A Big Target
By Tim Wilson
LivingSocial.com is another in a long line of "big scores" for data attackers
-
Hacker Conferences Come To Bloom In Chicago
By David Schwartzberg, Sophos
Chicago was off the hook with two hacker conferences hosting Bruce Schneier, Josh Corman, Jericho, and many others, including a few first-time presenters
-
The Many Faces Of The Verizon Data Breach Investigation Report
By Tim Wilson
Verizon's annual data breach report offers volumes of data -- and even more interpretations
-
Scan My Eyeball, Already
Could consumers be the catalyst for the password's ultimate demise?
-
What Every CFO Should Know About Security Breaches
By Tim Wilson
Panelists say chief financial officers should know the difference between good security spending and bad
-
ACLU Issues Wake-Up Call To Android Service Providers
By Tim Wilson
In complaint to FTC, civil liberties organization accuses AT&T, Verizon, Sprint, and T-Mobile of "unfair and deceptive business practices"
-
What IAM Can Learn From Bill Gates
In identity and access management, it pays to be long-term aggressive and short-term conservative
-
Safeguarding Your Data Against The Two-Bit Ne'er-Do-Well
A real-life data breach incident underscores the importance of employing even the most basic levels of security protection
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2012-4697
TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session.
CVE-2011-4520
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4519
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4518
Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2012-6563
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.


