Application Security // Database Security
News & Commentary
SQL Injection Cleanup Takes Two Months or More
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
A new report highlights the prevalence and persistence of SQL injection attacks.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/17/2014
Comment0 comments  |  Read  |  Post a Comment
What Is The FIDO Alliance?
Dark Reading, CommentaryVideo
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
By Dark Reading , 4/2/2014
Comment0 comments  |  Read  |  Post a Comment
Finally, Plug & Play Authentication!
Phil Dunkelberger, President & CEO, Nok Nok LabsCommentaryVideo
FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
By Phil Dunkelberger President & CEO, Nok Nok Labs, 3/26/2014
Comment1 Comment  |  Read  |  Post a Comment
Attackers Hit Clearinghouse Selling Stolen Target Data
Mathew J. Schwartz, News
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.
By Mathew J. Schwartz , 3/18/2014
Comment4 comments  |  Read  |  Post a Comment
7 Behaviors That Could Indicate A Security Breach
Becca Lipman, News
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
By Becca Lipman , 3/14/2014
Comment1 Comment  |  Read  |  Post a Comment
The Case For Browser-Based Access Controls
Garret Grajek, CTO & COO, SecureAuthCommentary
Is "browser-ized" security a better defense against hackers than traditional methods? Check out these two examples.
By Garret Grajek CTO & COO, SecureAuth, 3/7/2014
Comment2 comments  |  Read  |  Post a Comment
FIDO Alliance Releases Authentication Standards, Unveils Products
Tim Wilson, Editor in Chief, Dark ReadingNews
Proponents say the new specifications will pave the way for the replacement of passwords, which are frequently lost, stolen, or hacked.
By Tim Wilson Editor in Chief, Dark Reading, 2/18/2014
Comment0 comments  |  Read  |  Post a Comment
Target Breach: Phishing Attack Implicated
Mathew J. Schwartz, News
Report suggests malware-laced email attack on Target's HVAC subcontractor leaked access credentials for retailer's network.
By Mathew J. Schwartz , 2/13/2014
Comment12 comments  |  Read  |  Post a Comment
Data Breach Notifications: Time For Tough Love
Mathew J. Schwartz, Commentary
Target and Neiman Marcus came clean quickly about their data breaches, but most business don't. It's time for standards -- and fines.
By Mathew J. Schwartz , 2/7/2014
Comment12 comments  |  Read  |  Post a Comment
4 Hurdles That Trip Security Analytics Efforts
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Don't let these people and process problems get in the way of security analytics effectiveness.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/29/2014
Comment1 Comment  |  Read  |  Post a Comment
Target Mocks, Not Helps, Its Data Breach Victims
Ira Winkler, Co-Founder & President, Secure Mentem, Inc.Commentary
The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
By Ira Winkler Co-Founder & President, Secure Mentem, Inc., 1/22/2014
Comment22 comments  |  Read  |  Post a Comment
HIPAA, SOX & PCI: The Coming Compliance Crisis In IT Security
Andy Daudelin, VP Security Services, AT&T Business SolutionsCommentary
New mandates around datacenter virtualization, enterprise apps, and BYOD will stretch IT security staffs and budgets to the max in 2014.
By Andy Daudelin VP Security Services, AT&T Business Solutions, 1/21/2014
Comment11 comments  |  Read  |  Post a Comment
Target Breach: 8 Facts On Memory-Scraping Malware
Mathew J. Schwartz, News
Target confirmed that malware compromised its point-of-sale systems. How does such malware work, and how can businesses prevent infections?
By Mathew J. Schwartz , 1/14/2014
Comment4 comments  |  Read  |  Post a Comment
Cloud Gazing: 3 Security Trends To Watch
Bill Kleyman, National Director of Strategy & Innovation, MTM TechnologiesCommentary
The ultimate success of cloud computing depends on the security solutions we wrap around it.
By Bill Kleyman National Director of Strategy & Innovation, MTM Technologies, 1/9/2014
Comment9 comments  |  Read  |  Post a Comment
Security, Privacy & The Democratization Of Data
Martin Lee, Technical Lead, Threat Research, Analysis & Communications, CiscoCommentary
Data gathering and profiling capabilities that today are only available to nation states will eventually be at the disposal of everyone. What then?
By Martin Lee Technical Lead, Threat Research, Analysis & Communications, Cisco, 12/30/2013
Comment11 comments  |  Read  |  Post a Comment
RSA Denies Trading Security For NSA Payout
Mathew J. Schwartz, News
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.
By Mathew J. Schwartz , 12/23/2013
Comment13 comments  |  Read  |  Post a Comment
Database Risks Increase As Patch Frequency Decreases
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Department of Energy breach report offers stark lesson in patch management's relationship with database risk postures
By Ericka Chickowski Contributing Writer, Dark Reading, 12/23/2013
Comment0 comments  |  Read  |  Post a Comment
Mobility & Cloud: A Double Whammy For Securing Data
Jerry Irvine, Commentary
In 2014, legacy security solutions like firewalls and intrusion detection systems will no longer be sufficient to protect corporate data against BYOD and cybercrime.
By Jerry Irvine , 12/23/2013
Comment4 comments  |  Read  |  Post a Comment
Target Breach: 10 Facts
Mathew J. Schwartz, News
Experts advise consumers not to panic as suspicion falls on point-of-sale terminals used to scan credit cards.
By Mathew J. Schwartz , 12/21/2013
Comment23 comments  |  Read  |  Post a Comment
My 5 Wishes For Security In 2014
Dave Piscitello, VP Security, ICANNCommentary
Security skeptic Dave Piscitello tells why his end-of-year InfoSec predictions are like a fine wine.
By Dave Piscitello VP Security, ICANN, 12/18/2013
Comment4 comments  |  Read  |  Post a Comment
More Stories
Register for Dark Reading Newsletters
White Papers
Current Issue
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-04-17
DistUpgrade/ in Update Manager before 1:, 1:0.134.x before 1:, 1:0.142.x before 1:, 1:0.150.x before 1:, and 1:0.152.x before 1: does not properly create temporary files, which allows local users to obtain the XAUTHORITY file conte...

Published: 2014-04-17
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

Published: 2014-04-17
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.

Published: 2014-04-17
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External ...

Published: 2014-04-17
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

Best of the Web