Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

Dark Reading Radio: The Winners & Losers of Botnet Takedowns

7 Black Hat Sessions Sure To Cause A Stir

Internet of Things: 4 Security Tips From The Military

Infographic: With BYOD, Mobile Is The New Desktop

Top Stories

Dark Reading Radio: The Winners & Losers ...

7 Black Hat Sessions Sure To Cause A Stir

Internet of Things: 4 Security Tips From ...

Myth-Busting Machine Learning In Security

Infographic: With BYOD, Mobile Is The New ...

News & Commentary

Dark Reading Radio: Data Loss Prevention (DLP) Fail

Kelly Jackson Higgins, Senior Editor, Dark Reading

Commentary

Learn about newly found vulnerabilities in commercial and open-source DLP software in the 7/30 episode of Dark Reading Radio.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/29/2014

8 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, Ryan, you can post that question in the Comment box below the show's page if...

Scan Shows Possible Heartbleed Fix Failures

Quick Hits

Study indicates many Global 2000 firms patched, but failed to replace digital certificates.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/29/2014

4 comments | Read | Post a Comment

Latest Comment: Whoopty, I wonder if major bugs like this that affect thousands of sites will become...

The Perfect InfoSec Mindset: Paranoia + Skepticism

Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies

Commentary

A little skeptical paranoia will ensure that you have the impulse to react quickly to new threats while retaining the logic to separate fact from fiction.

By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 7/29/2014

2 comments | Read | Post a Comment

Latest Comment: CNACHREINER981, Heh... yup... Definitely a lot of paranoia in our profession!

Internet Of Things Contains Average Of 25 Vulnerabilities Per Device

Ericka Chickowski, Contributing Writer, Dark Reading

News

New study finds high volume of security flaws in such IoT devices as webcams, home thermostats, remote power outlets, sprinkler controllers, home alarms, and garage door openers.

By Ericka Chickowski Contributing Writer, Dark Reading, 7/29/2014

6 comments | Read | Post a Comment

Latest Comment: markoer, Thanks a lot, Kelly!

DHS-Funded 'SWAMP' Helps Scour Code For Bugs

News

Cloud-based platform offering free secure coding tools for developers in government, enterprises, academia, gaining commercial attention as well.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/28/2014

5 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Awareness of the tools is a good first step. Awareness that software assurance...

Weak Password Advice From Microsoft

Andrey Dulkin, Senior Director, Cyber Innovation, CyberArk

Commentary

Tempting as it may seem to do away with strong passwords for low-risk websites, password reuse is still a significant threat to both users and business.

By Andrey Dulkin Senior Director, Cyber Innovation, CyberArk, 7/28/2014

6 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Yes, indeed! The PII that is floating around cyberspace is going to be a huge...

Myth-Busting Machine Learning In Security

News

Black Hat USA presentation to help quell misconceptions and confusion over machine learning methods in today's security tools.

By Ericka Chickowski Contributing Writer, Dark Reading, 7/28/2014

4 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, Good point, @tgulati. It is definitely evolving, and I think this talk should...

Researchers Develop 'BlackForest' To Collect, Correlate Threat Intelligence

Brian Prince, Contributing Writer, Dark Reading

News

Researchers at the Georgia Tech Research Institute develop the BlackForest system to help organizations uncover and anticipate cyberthreats.

By Brian Prince Contributing Writer, Dark Reading, 7/25/2014

2 comments | Read | Post a Comment

Latest Comment: imeena, Sounds great!!! I hope you will soon have an online demo

Internet of Things: 4 Security Tips From The Military

Michael K. Daly, CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services

Commentary

The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. It’s time to take a page from their battle plan.

By Michael K. Daly CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services, 7/25/2014

9 comments | Read | Post a Comment

Latest Comment: Jeff Jerome, And how do we keep up with technology. There is so much change that it...

Travel Agency Fined £150,000 For Violating Data Protection Act

News

That'll teach them not to retain credit card data in perpetuity.

By Sara Peters , 7/24/2014

1 Comment | Read | Post a Comment

Latest Comment: Thomas Claburn, When it comes to data storage, less is more.

Passwords Be Gone! Removing 4 Barriers To Strong Authentication

Phillip M. Dunkelberger, President & CEO, Nok Nok Labs

Commentary

As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution.

By Phillip M. Dunkelberger President & CEO, Nok Nok Labs, 7/24/2014

8 comments | Read | Post a Comment

Latest Comment: Jeff Jerome, Great point about not being able to recreate authentication for your Biometrics....

7 Arrested, 3 More Indicted For Roles In Cyber Fraud Ring That Stung StubHub

News

Arrests made in New York state, London, Toronto, and Spain for money laundering, grand larceny, and using StubHub customers' credit cards to buy and sell 3,500 e-tickets to prime events.

By Sara Peters , 7/23/2014

3 comments | Read | Post a Comment

Latest Comment: RyanSepe, Never thought of it like that. That does make sense to a certain extent. However,...

RAM Scraper Malware: Why PCI DSS Can't Fix Retail

Brian Riley, Technical Director, Government Programs, Green Hills Software

Commentary

There is a gaping hole in the pre-eminent industry security standard aimed at protecting customers, credit card and personal data

By Brian Riley Technical Director, Government Programs, Green Hills Software, 7/23/2014

8 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, That's a great call to action, @brianriley. Here are two links about how to...

Dark Reading Radio: The Winners & Losers of Botnet Takedowns

Commentary

Our guests are Cheri McGuire, VP of global government affairs and cyber security policy for Symantec, and Craig D. Spiezle, executive director and founder of the Online Trust Alliance.

By Sara Peters , 7/23/2014

0 comments | Read | Post a Comment

7 Black Hat Sessions Sure To Cause A Stir

At Black Hat, researchers will point out the weaknesses in everything from the satellites in outer space to the thermostat in your home.

By Ericka Chickowski Contributing Writer, Dark Reading, 7/22/2014

9 comments | Read | Post a Comment

Latest Comment: RyanSepe, Thanks for this! For me, I am interested to hear about the shortcomings of...

Nigerian 419 Scammers Evolving Into Malware Pushers (But Not Very Good Ones)

Quick Hits

"Silver Spaniel" attacks use commodity malware to damage others' security, but they aren't very good at protecting their own.

By Sara Peters , 7/22/2014

10 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, My thinking is that the earlier good practices can be drummed in the better....

Infographic: With BYOD, Mobile Is The New Desktop

Commentary

Security teams have no choice but to embrace the rapid proliferation of BYO devices, apps, and cloud services. To ignore it is to put your head in the sand.

By Adam Ely COO, Bluebox, 7/22/2014

8 comments | Read | Post a Comment

Latest Comment: RyanSepe, 14000 give or take a fluctuation of 500 because we are a teaching hospital...

Don't Overestimate EMV Protections, Underestimate Card Thief Sophistication

News

At Black Hat, an AccessData researcher will offer up a crash course in card payment tech and protections to root out security community misconceptions

By Ericka Chickowski Contributing Writer, Dark Reading, 7/21/2014

2 comments | Read | Post a Comment

Latest Comment: catvalencia, Now that debit card and credit card spending is growing; the door is open for...

Internet of Things: Security For A World Of Ubiquitous Computing

Candace Worley, SVP & GM, Endpoint Security, McAfee

Commentary

Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.

By Candace Worley SVP & GM, Endpoint Security, McAfee, 7/21/2014

5 comments | Read | Post a Comment

Latest Comment: William L. Lind, The government should ensure about internet security. The use of the internet...

Hacking Your Hotel Room

News

At Black Hat USA next month, a researcher will show how to hack your way into controlling everything in a hotel room -- from lighting to television sets.

By Brian Prince Contributing Writer, Dark Reading, 7/18/2014

12 comments | Read | Post a Comment

Latest Comment: n0md3plum, I wear 6 proxies whenever I use hotel WiFi.

More Stories

Current Conversations

Posted by Whoopty

I wonder if major bugs like this that affect thousands of sites will become rarer in the future, thanks to efforts like Google's Project Zero security team. They've hired on the likes of Geohotz and several other amazing...

In reply to: Project Zero
Post Your Own Reply

Posted by Kelly Jackson Higgins

Ryan, you can post that question in the Comment box below the show's page if you've registered. Then we can have Zach address it--even if you're not there. Thanks!

In reply to: Re: Failure of Data Loss Prevention
Post Your Own Reply

Posted by RyanSepe

Thanks! Being the DLP administrator this will definitely be interesting. I did have a question that I think it stated below I could ask here for the broadcast. I can see DLP being a cloudy area when you use an email...

In reply to: Re: Failure of Data Loss Prevention
Post Your Own Reply

Posted by Kelly Jackson Higgins

Thank you for sharing that, Ryan. I'm also curious if any org has a good reason not to patch and reissue the cert.

In reply to: Re: patch only?
Post Your Own Reply

Posted by Kelly Jackson Higgins

@RyanSepe: Yes, we will have it archived later today. :) All of our shows are archived, actually. This is the DR Radio archive link: http://www.darkreading.com/dr-radio.asp

In reply to: Re: Failure of Data Loss Prevention
Post Your Own Reply

Posted by RyanSepe

My institution patched for Heartbleed and cycled the certs. Otherwise you won't be able to confidently say that your systems aren't exploited. The vulnerability may have allowed for forged certs to be applied and if you...

In reply to: Re: patch only?
Post Your Own Reply

Posted by RyanSepe

I have a meeting at 1PM today. Is there going to be an archive where I can listen to the broadcast after? Thanks,

In reply to: Re: Failure of Data Loss Prevention
Post Your Own Reply

Posted by Kelly Jackson Higgins

Me, too. Zach and Kelly Lum are still in working on this, so he may even have new info to share today as well as next week at Black Hat USA in Vegas.

In reply to: Re: Failure of Data Loss Prevention
Post Your Own Reply

Posted by theb0x

Looking forward to the broadcast!

In reply to: Re: Failure of Data Loss Prevention
Post Your Own Reply

Posted by Jeff Jerome

Great point about not being able to recreate authentication for your Biometrics. It's not like you can go out and get a new set of finger prints and like any other digitzed technology is can be compromised and repu...

In reply to: Re: biometrics - a bad idea from the start
Post Your Own Reply

Posted by Jeff Jerome

So if the US is not "Trusted" for security. Help me to understand who is considered trustworthy?

In reply to: Re: This is a U.S. technology problem that needs to be addressed!
Post Your Own Reply

Posted by Jeff Jerome

And how do we keep up with technology. There is so much change that it is almost impossible to keep up. Even if you assign verticles to groups it is an impossible task. My sense is know enough to know where...

In reply to: Re: What not to learn from the military
Post Your Own Reply

More Conversations

Security Insights

Microsoft, No-IP, And The Need For Clarity

The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up.

0 comments
Read | Post a Comment

More Sophos Security Insights

Products & Releases

Experian Launches Platform For Managing Cross-Channel Fraud Risk

Bayshore Networks Extends PallatonCapabilities for High-Value IP Protection

Microsoft and Akamai Join Forces in First Cyber-Security Focused Accelerator in Israel

Cyber security and big data innovator ThetaRay closes $10m oversubscribed series B funding round

Android Fake ID Vulnerability Lets Malware Impersonate Trusted Applications, Puts All Android Since January 2010 At Risk

Business and IT Emerge as Essential Allies in the Move to Social IDs and 'Bring Your Own Identity'

IT Security Pros Surveyed: Poor password management leaves accounts open to attack

New Windows App to Detect WiFi Security

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Internet of Things: 4 Security Tips From The Military

Michael K. Daly, CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services, 7/25/2014

RAM Scraper Malware: Why PCI DSS Can't Fix Retail

Brian Riley, Technical Director, Government Programs, Green Hills Software, 7/23/2014

Passwords Be Gone! Removing 4 Barriers To Strong Authentication

Phillip M. Dunkelberger, President & CEO, Nok Nok Labs, 7/24/2014

Live Events

Webinars

More UBM Tech
Live Events

Come to Interop New York, Sept 29 - Oct 3, 2014

Learn to Maximize Your Next-Gen Network Investments

Tower & Small Cell Summit

Dark Reading Radio

Archived Dark Reading Radio

Botnet Takedowns: Who's Winning, Who's Losing

Sara Peters hosts a conversation on Botnets and those who fight them.

UPCOMING!
Wednesday, July 30, 1pm EDT
Data Loss Prevention (DLP) FAIL

UPCOMING!
Wednesday, August 6, 1pm EDT
Dark Reading Radio LIVE from Black Hat 2014

UPCOMING!
Wednesday, August 6, 8pm EDT
Dark Reading Radio LIVE from Black Hat 2014

UPCOMING!
Thursday, August 7, 1pm EDT
Dark Reading Radio LIVE from Black Hat 2014

UPCOMING!
Thursday, August 7, 7pm EDT
Dark Reading Radio LIVE from Black Hat 2014

FULL SCHEDULE | ARCHIVED SHOWS

Flash Poll

All Polls

White Papers

Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk

5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain

Intelligent Compliance White Paper

Creating the Best-of-Breed DDI Solution in a Microsoft Environment

The Public Sector Cloud Perspective

More White Papers

Current Issue

Dark Reading Must Reads July 15, 2014

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2014-0914

Published: 2014-07-30
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management f...

CVE-2014-0915

Published: 2014-07-30
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8...

CVE-2014-0947

Published: 2014-07-30
Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.

CVE-2014-0948

Published: 2014-07-30
Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.

CVE-2014-3025

Best of the Web

Serious security issues affect 14 of 17 major antivirus engines

Instasheep--Instagram Hacking Tool Released

Tor security advisory: "relay early" traffic confirmation attack

Free, Worldwide, Encrypted Phone Calls for iPhone

Hacker Breached NOAA Satellite Data From Contractor's PC

Reports

Infographics

DevOps’ Impact on Application Security

Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.

Download Now!

More Reports

Slideshows

7 Black Hat Sessions Sure To Cause A Stir

9 comments | Read | Post a Comment

Ransomware: 5 Threats To Watch

6 Things That Stink About SSL