Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

Dark Reading Radio: The Winners & Losers of Botnet Takedowns

7 Black Hat Sessions Sure To Cause A Stir

Internet of Things: Security For A World Of Ubiquitous Computing

Infographic: With BYOD, Mobile Is The New Desktop

CEO Report Card: Low Grades for Risk Management

Top Stories

Dark Reading Radio: The Winners & Losers ...

7 Black Hat Sessions Sure To Cause A Stir

Internet of Things: Security For A World ...

Infographic: With BYOD, Mobile Is The New ...

CEO Report Card: Low Grades for Risk ...

News & Commentary

Researchers Develop 'BlackForest' to Collect, Correlate Threat Intelligence

Brian Prince, Contributing Writer, Dark Reading

News

Researchers at the Georgia Tech Research Institute develop the BlackForest system to help organizations uncover and anticipate cyberthreats.

By Brian Prince Contributing Writer, Dark Reading, 7/25/2014

0 comments | Read | Post a Comment

Internet of Things: 4 Security Tips From The Military

Michael K. Daly, CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services

Commentary

The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. It’s time to take a page from their battle plan.

By Michael K. Daly CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services, 7/25/2014

3 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Good point, Thanks. I've heard that voiced as a "poor practice" with enterprises...

Travel Agency Fined £150,000 for Violating Data Protection Act

News

That'll teach them not to retain credit card data in perpetuity.

By Sara Peters , 7/24/2014

1 Comment | Read | Post a Comment

Latest Comment: Thomas Claburn, When it comes to data storage, less is more.

Passwords Be Gone! Removing 4 Barriers To Strong Authentication

Phillip M. Dunkelberger, President & CEO, Nok Nok Labs

Commentary

As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution.

By Phillip M. Dunkelberger President & CEO, Nok Nok Labs, 7/24/2014

3 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, The article you are referring to @JonNLakeland is by David Kearns in: How...

7 Arrested, 3 More Indicted For Roles in Cyber Fraud Ring That Stung StubHub

News

Arrests made in New York state, London, Toronto, and Spain for money laundering, grand larceny, and using StubHub customers' credit cards to buy and sell 3,500 e-tickets to prime events.

By Sara Peters , 7/23/2014

3 comments | Read | Post a Comment

Latest Comment: RyanSepe, Never thought of it like that. That does make sense to a certain extent. However,...

RAM Scraper Malware: Why PCI DSS Can't Fix Retail

Brian Riley, Technical Director, Government Programs, Green Hills Software

Commentary

There is a gaping hole in the pre-eminent industry security standard aimed at protecting customers, credit card and personal data

By Brian Riley Technical Director, Government Programs, Green Hills Software, 7/23/2014

8 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, That's a great call to action, @brianriley. Here are two links about how to...

Dark Reading Radio: The Winners & Losers of Botnet Takedowns

Commentary

Our guests are Cheri McGuire, VP of global government affairs and cyber security policy for Symantec, and Craig D. Spiezle, executive director and founder of the Online Trust Alliance.

By Sara Peters , 7/23/2014

0 comments | Read | Post a Comment

7 Black Hat Sessions Sure To Cause A Stir

At Black Hat, researchers will point out the weaknesses in everything from the satellites in outer space to the thermostat in your home.

By Ericka Chickowski Contributing Writer, Dark Reading, 7/22/2014

8 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Here is the schedule for Black Hat and also a list of speakers. The Dark Reading...

Nigerian 419 Scammers Evolving Into Malware Pushers (But Not Very Good Ones)

Quick Hits

"Silver Spaniel" attacks use commodity malware to damage others' security, but they aren't very good at protecting their own.

By Sara Peters , 7/22/2014

6 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, As the parent of a 24-year old (who probably should know better), I'm not surprised...

Infographic: With BYOD, Mobile Is The New Desktop

Commentary

Security teams have no choice but to embrace the rapid proliferation of BYO devices, apps, and cloud services. To ignore it is to put your head in the sand.

By Adam Ely COO, Bluebox, 7/22/2014

8 comments | Read | Post a Comment

Latest Comment: RyanSepe, 14000 give or take a fluctuation of 500 because we are a teaching hospital...

Don't Overestimate EMV Protections, Underestimate Card Thief Sophistication

News

At Black Hat, an AccessData researcher will offer up a crash course in card payment tech and protections to root out security community misconceptions

By Ericka Chickowski Contributing Writer, Dark Reading, 7/21/2014

2 comments | Read | Post a Comment

Latest Comment: catvalencia, Now that debit card and credit card spending is growing; the door is open for...

Internet of Things: Security For A World Of Ubiquitous Computing

Candace Worley, SVP & GM, Endpoint Security, McAfee

Commentary

Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.

By Candace Worley SVP & GM, Endpoint Security, McAfee, 7/21/2014

5 comments | Read | Post a Comment

Latest Comment: William L. Lind, The government should ensure about internet security. The use of the internet...

Hacking Your Hotel Room

News

At Black Hat USA next month, a researcher will show how to hack your way into controlling everything in a hotel room -- from lighting to television sets.

By Brian Prince Contributing Writer, Dark Reading, 7/18/2014

12 comments | Read | Post a Comment

Latest Comment: n0md3plum, I wear 6 proxies whenever I use hotel WiFi.

CEO Report Card: Low Grades for Risk Management

Marilyn Cohodas, Community Editor, Dark Reading

Commentary

Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.

By Marilyn Cohodas Community Editor, Dark Reading, 7/18/2014

12 comments | Read | Post a Comment

Latest Comment: Robert McDougal, While I agree having everyone accountable is an ideal situation I would still...

Government-Grade Stealth Malware In Hands Of Criminals

News

"Gyges" can be bolted onto other malware to hide it from anti-virus, intrusion detection systems, and other security tools.

By Sara Peters , 7/17/2014

12 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I wonder how long until a real war is started as a result of a cyber attack....

Website Hacks Dropped During World Cup Final

Kelly Jackson Higgins, Senior Editor, Dark Reading

Quick Hits

Hackers apparently took time off to watch the Germany-Argentina title match of the 2014 FIFA World Cup.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/17/2014

15 comments | Read | Post a Comment

Latest Comment: RyanSepe, I definitely think your statement regarding the non-world cup average being...

A New Age in Cyber Security: Public Cyberhealth

Commentary

The cleanup aimed at disrupting GameOver Zeus and CryptoLocker offers an instructive template for managing mass cyber infections.

By Brian Foster CTO, Damballa, 7/17/2014

5 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, I totally agree, @Robert. I found the comparison to epidemiology very original...

Ransomware: 5 Threats To Watch

Cyber criminals have kicked it up a notch with nasty malware that locks you out of your machine and holds it for ransom.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/17/2014

13 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I think you are exactly correct. Sometimes I lose track that I see this...

Senate Hearing Calls for Changes to Cybercrime Law

News

In the wake of Microsoft's seizure of No-IP servers and domains, private and public sector representatives met to discuss what can be done to address the problem of botnets.

By Sara Peters , 7/16/2014

10 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I tend to agree with this sentiment. I am seeing many foreign companies...

Passwords & The Future Of Identity: Payment Networks?

Andre Boysen, EVP, Digital Identity Evangelist, SecureKey

Commentary

The solution to the omnipresent and enduring password problem may be closer than you think.

By Andre Boysen EVP, Digital Identity Evangelist, SecureKey, 7/16/2014

17 comments | Read | Post a Comment

Latest Comment: andre.boysen, The issue of concentration risk comes up a lot. I agree that a simple...

More Stories

Current Conversations

Posted by Marilyn Cohodas

Good point, Thanks. I've heard that voiced as a "poor practice" with enterprises deaiing with BYOD... a precursor of what is coming with IoT.

In reply to: Re: What not to learn from the military
Post Your Own Reply

Posted by MichaelKDaly

One good lesson to learn (that is, what we should not do) comes from the poor practice of bringing multiple sources of information back to a centralized repository, particularly one that does not have data element...

In reply to: Re: What not to learn from the military
Post Your Own Reply

Posted by Marilyn Cohodas

The article you are referring to @JonNLakeland is by David Kearns in: How The Math Of Biometric Authentication Adds Up . You pretty much got his point across. He also noted: "Most of us have ten fingers –...

In reply to: Re: biometrics - a bad idea from the start
Post Your Own Reply

Posted by Marilyn Cohodas

Good blog, Michael. Thanks for your insight. Curious to know what you think is the one thing that InfoSec can learn from the military about what NOT to do with the IoT.

In reply to: What not to learn from the military
Post Your Own Reply

Posted by JonNLakeland

You can't change biometrics as *often* as some people change passwords, but that doesn't mean it can't be done. I'm certain I read another article either on InformationWeek or DarkReading that points out 1) Most people have...

In reply to: Re: biometrics - a bad idea from the start
Post Your Own Reply

Posted by itsec9987

I recommend a password manager such as RoboForm to regularly update passwords.

In reply to: RoboForm Password Manager
Post Your Own Reply

Posted by Marilyn Cohodas

Here is the schedule for Black Hat and also a list of speakers. The Dark Reading editorial team is also planning a series of radio shows based on a few of the more popular Black Hat sessions. So stay tuned. We'll keep you...

In reply to: Re: Dates and Times
Post Your Own Reply

Posted by Marilyn Cohodas

As the parent of a 24-year old (who probably should know better), I'm not surprised that that demographic is more susceptiable to a phishing attack. That's a very impulsive age at which point the "judgement" brain cells...

In reply to: Re: Executables in Emails?
Post Your Own Reply

Posted by Marilyn Cohodas

That's a great call to action, @brianriley. Here are two links about how to join the group of participating organizations and also about the companies that already belong.

In reply to: Re: Why PCI-DSS doesn't address Ram Scraper?
Post Your Own Reply

Posted by brianriley

Credit card data should be protected/encrypted at the earliest point in the transaction, the point of interaction. Moving the encryption to the card itself is yet another way to provide separation, moving some of the processing...

In reply to: Re: correcting POS processing
Post Your Own Reply

Posted by brianriley

In some operating systems, full administrator rights are not required to read memory from other processes. (Windows XP comes to mind.) On the opposite end of the spectrum, there are ways to build a system to limit...

In reply to: Re: Why PCI-DSS doesn't address Ram Scraper?
Post Your Own Reply

Posted by brianriley

The next version of the standard doesn't go into effect until 2017, so obviously nothing will change before then. The most common way to participate in the PCI standards development process is to become a PCI Security Standards...

In reply to: Re: Why PCI-DSS doesn't address Ram Scraper?
Post Your Own Reply

More Conversations

Security Insights

Microsoft, No-IP, And The Need For Clarity

The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up.

0 comments
Read | Post a Comment

More Sophos Security Insights

Products & Releases

IT Security Pros Surveyed: Poor password management leaves accounts open to attack

New Windows App to Detect WiFi Security

Global Study: Nearly 30 Percent of Security Professionals Would Completely Overhaul Their Current Enterprise Security System Given Resources & Opportunity

Half of Security Professionals Think Java Applications are Vulnerable to Attacks

ZeroFOX to Spotlight Social Risk Management at Black Hat 2014

Solutionary SERT 2014 Q2 Threat Intelligence Report: Amazon-Hosted Malware Nearly Triples in First Half 2014

39 Percent of IT Organizations Experienced More Than Two Significant Security Incidents

General Dynamics Fidelis Cybersecurity Solutions Joins Forces with Microsoft to Further Protect Customers

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Infographic: With BYOD, Mobile Is The New Desktop

Adam Ely, COO, Bluebox, 7/22/2014

7 Black Hat Sessions Sure To Cause A Stir

Ericka Chickowski, Contributing Writer, Dark Reading, 7/22/2014

RAM Scraper Malware: Why PCI DSS Can't Fix Retail

Brian Riley, Technical Director, Government Programs, Green Hills Software, 7/23/2014

Live Events

Webinars

More UBM Tech
Live Events

Join the Conference for 4G/LTE Professionals at CTIA

Come to Interop New York, Sept 29 - Oct 3, 2014

Learn to Maximize Your Next-Gen Network Investments

Dark Reading Radio

Archived Dark Reading Radio

Botnet Takedowns: Who's Winning, Who's Losing

Sara Peters hosts a conversation on Botnets and those who fight them.

UPCOMING!
Wednesday, July 30, 1pm EDT
Hack My Ride: The State of Car (In)Security

FULL SCHEDULE | ARCHIVED SHOWS

Flash Poll

All Polls

White Papers

Network Transformation: A Guide to Planning Your Journey to All-IP

Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk

Intelligent Compliance White Paper

Preventing Data Center Downtime

White Book: Cloud Adoption - The Definitive Guide to a Business Technology Revolution

More White Papers

Current Issue

Dark Reading Must Reads July 15, 2014

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2014-2227

Published: 2014-07-25
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.

CVE-2014-5027

Published: 2014-07-25
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.

CVE-2014-5100

Published: 2014-07-25
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_...

CVE-2014-5101

Published: 2014-07-25
Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authn...

CVE-2014-5102

Published: 2014-07-25
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items.

Best of the Web

Senator’s Bill Is Stricter on N.S.A. Than House’s

Mozilla Fixes Critical Security Holes In Firefox, Urges v31 Upgrade

Google under fire from regulators on EU privacy ruling

ECB Says Website Hacked, No Sensitive Data Affected

One Congressman’s Crusade To Save the World From Killer Robots

Reports

Infographics

DevOps’ Impact on Application Security

Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.

Download Now!

More Reports

Slideshows

7 Black Hat Sessions Sure To Cause A Stir

8 comments | Read | Post a Comment

Ransomware: 5 Threats To Watch

6 Things That Stink About SSL