Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

NFL Mobile Sports App Contains Super Bowl-Sized Vulns

Small Changes Can Make A Big Difference In Tech Diversity

Gas Stations Urged To Secure Internet-Exposed Fuel Tank Devices

Top Stories

NFL Mobile Sports App Contains Super ...

Small Changes Can Make A Big Difference ...

Why Iran Hacks

Gas Stations Urged To Secure ...

Cartoon: End-User Ed

News & Commentary

Google Paid Over $1.5 Million In Bug Bounties In 2014

Kelly Jackson Higgins, Executive Editor at Dark Reading

Quick Hits

Mobile apps developed by Google now included in its Vulnerability Reward Program.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/30/2015

0 comments | Read | Post a Comment

How The Skills Shortage Is Killing Defense in Depth

David Holmes, World-Wide Security Evangelist, F5

Commentary

It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely “looks nifty, but I don’t have the staff to deploy it.”

By David Holmes World-Wide Security Evangelist, F5, 1/30/2015

2 comments | Read | Post a Comment

Latest Comment: dholmesf5, You make an interesting point Thomas. Security personnel don't typically fall...

Takeaways from International Data Privacy Day: The Internet of Things

Event looks at the future of data use and how we can – and should – protect personal privacy.

By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 1/30/2015

0 comments | Read | Post a Comment

ZeroAccess Click-Fraud Botnet Back In Action Again

Sara Peters, Senior Editor at Dark Reading

News

After a six-month hiatus, the much-diminished P2P botnet is up to its old tricks.

By Sara Peters Senior Editor at Dark Reading, 1/29/2015

0 comments | Read | Post a Comment

Why Iran Hacks

Mike Walls, Managing Director Security Operations & Analysis, EdgeWave

Commentary

Iran is using its increasingly sophisticated cyber capabilities to minimize Western influence and establish itself as the dominant power in the Middle East.

By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/29/2015

6 comments | Read | Post a Comment

Latest Comment: anon2364494044, Mr author, Persia (Iran) has been there for more than 5000 thousands years,...

'Ghost' Not So Scary After All

Quick Hits

The latest open-source Linux vulnerability is serious but some security experts say it's not that easy to abuse and use in an attack.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/28/2015

5 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Good point, @Joe Stanganelli. But outside the issue of secure application software...

Small Changes Can Make A Big Difference In Tech Diversity

Commentary

There’s no doubt that many employers feel most comfortable hiring people like themselves. But in InfoSec, this approach can lead to stagnation.

By Lysa Myers Security Researcher, ESET, 1/28/2015

2 comments | Read | Post a Comment

Latest Comment: Pragmatic_Security, Good article topic. I think this points to a deeper, causative, deficiency...

Half Of Enterprises Worldwide Hit By DDoS Attacks, Report Says

News

New data illustrates how distributed denial-of-service (DDoS) attacks remain a popular attack weapon -- and continue to evolve.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/27/2015

2 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, Hi @RyanSepe. Arbor's report shows DNS amplfication attacks dropping a bit...

WiIl Millennials Be The Death Of Data Security?

Commentary

Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?

By Chris Rouland Founder & CEO, Bastille, 1/27/2015

32 comments | Read | Post a Comment

Latest Comment: Pragmatic_Security, Kelly, Although do agree (I noticed I've been typing a superflous 'do' in...

NFL Mobile Sports App Contains Super Bowl-Sized Vulns

Ericka Chickowski, Contributing Writer, Dark Reading

News

Lack of protections puts users at risk of exposed information by way of man-in-the-middle attacks.

By Ericka Chickowski Contributing Writer, Dark Reading, 1/27/2015

9 comments | Read | Post a Comment

Latest Comment: Broadway0474, sonofsaf, a "stampede"? Did I miss something? How would that be generated?...

Gas Stations Urged To Secure Internet-Exposed Fuel Tank Devices

News

Researchers find more than 5,000 US gas stations' automated tank gauges unprotected on the public Internet and open to hackers.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/26/2015

9 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, @Joe Stanganelli, their suppliers (oil companies) and partners (environmental...

Power Consumption Technology Could Help Enterprises Identify Counterfeit Devices

Tim Wilson, Editor in Chief, Dark Reading

Commentary

Understanding a device's "power fingerprint" might make it possible to detect security anomalies in Internet of Things as well, startup says

By Tim Wilson Editor in Chief, Dark Reading, 1/26/2015

1 Comment | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Fascinating blog, Tim. Very cool intrusion detection technology. Seems like...

Security Skills Shortage? Don’t Panic!

Focus your energies on building a comprehensive security strategy and turning to experts for guidance.

By Carric Dooley WW VP of Foundstone Services, Intel Security, 1/26/2015

5 comments | Read | Post a Comment

latest comment Marilyn Cohodas I like that idea of having a hacker actually demonstrate how easy it is for...

Adobe Fixes Second Flash Flaw Exploited By Angler

News

Second 0-day fix addresses UAF vulnerability.

By Ericka Chickowski Contributing Writer, Dark Reading, 1/26/2015

1 Comment | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, http://helpx.adobe.com/security/products/flash-player/apsb15-03.html

Building A Cybersecurity Program: 3 Tips

Jason Sachowski, Senior Forensic Investigator, Scotiabank

Commentary

Getting from “we need” to “we have” a cybersecurity program is an investment in time and resources that’s well worth the effort.

By Jason Sachowski Senior Forensic Investigator, Scotiabank, 1/26/2015

6 comments | Read | Post a Comment

Latest Comment: JGarner721, The most valuable asset to an organization is the informational assets. If...

Growing Open Source Use Heightens Enterprise Security Risks

News

Companies often have little clue about the extent of third-party code in the enterprise or the risks it poses, security experts say

By Jai Vijayan Freelance writer, 1/23/2015

10 comments | Read | Post a Comment

Latest Comment: Jon M. Kelley, I keep seeing discussions about commercial versus open source software, but...

Why Russia Hacks

Commentary

Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.

By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/23/2015

16 comments | Read | Post a Comment

Latest Comment: lynnbr2, Russia & China both have a long history of hacking for over fifty years....

Diverse White Hat Community Leads To Diverse Vuln Disclosures

News

Researchers at Penn State find that courting new bug hunters is just as important as rewarding seasoned ones.

By Sara Peters Senior Editor at Dark Reading, 1/22/2015

6 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, The key to the success of these bug-bounty programs relies on the credibility...

The Internet of Abused Things

We need to find ways to better secure the Internet of Things, or be prepared to face the consequences.

By Liviu Arsene Senior E-threat Analyst, Bitdefender, 1/22/2015

0 comments | Read | Post a Comment

NSA Report: How To Defend Against Destructive Malware

Quick Hits

In the wake of the Sony breach, spy agency's Information Assurance Directorate (IAD) arm provides best practices to mitigate damage of data annihilation attacks.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/22/2015

3 comments | Read | Post a Comment

Latest Comment: macker490, 1. use a secure O/S. 2. look into using Named Spaces remember that in implementing...

More Stories

Current Conversations

Posted by dholmesf5

You make an interesting point Thomas. Security personnel don't typically fall within a profit center (sometimes, but not usually) which makes valuation even more difficult. But in my experience, it is quite difficult to...

In reply to: Re: shortage or cheapness?
Post Your Own Reply

Posted by Thomas Claburn

Companies gladly shellout millions for executive suite personnel who often aren't paid for performance. Maybe computer security professionals are just wildly underpaid compared to the actual value they bring to a company...

In reply to: shortage or cheapness?
Post Your Own Reply

Posted by Pragmatic_Security

Kelly, Although do agree (I noticed I've been typing a superflous 'do' in front of everything... I'm becoming a flight attendant) "I'll just get a new debit card" is probably the pervasive attitude for user consumers, I...

In reply to: Re: Ok Millennials, defend yourselves!
Post Your Own Reply

Posted by LoriWigle

Thank you for the thoughtful comment. We very much agree with you on the importance of power consumption as a system constraint and potential inhibitor to strong security. Our researchers in Intel Labs are looking...

In reply to: Re: Not enough power to do what is needed
Post Your Own Reply

Posted by anon2364494044

Mr author, Persia (Iran) has been there for more than 5000 thousands years, still in most part of middle east and central asia or other parts of that region Iranian influnces are quite tangeble from food to customs or traditions....

In reply to: iran`s influnce
Post Your Own Reply

Posted by Pragmatic_Security

Good article topic. I think this points to a deeper, causative, deficiency regarding information security practice. Anyone with experience working in an IT shop (put a pin in that one) knows that it is dominated by...

In reply to: Causation...
Post Your Own Reply

Posted by Marilyn Cohodas

Thanks for reposting @Pragmatic_Security. My fingers had a "proglem" with the keyboard and I accidently deleted your post, instead of approving it!

In reply to: Re: More connected or less concerned?
Post Your Own Reply

Posted by Pragmatic_Security

Thanks, Marilyn. Original text (edit of my 'proglems' typo rejected) As information security professionals, it's onus is on us to secure what people DO, not what WE WANT THEM TO DO. Individuals...

In reply to: Re: More connected or less concerned?
Post Your Own Reply

Posted by Marilyn Cohodas

That's often where the best innovation comes from! Thanks @Pragmatic_Security!

In reply to: Re: More connected or less concerned?
Post Your Own Reply

Posted by Pragmatic_Security

In my typographical errors I've invented a new, awesome word.. "Proglems". 'Proglems = Progressive Problems' Sometimes when you fail, something awesome happens.

In reply to: Re: More connected or less concerned?
Post Your Own Reply

Posted by Marilyn Cohodas

Get with it guys, who doesn't want new proglems to solve?.. Isn't this the whole reason we got into the field? Definitely represents a lot of job security, for sure!

In reply to: Re: More connected or less concerned?
Post Your Own Reply

Posted by Marilyn Cohodas

Good point, @Joe Stanganelli. But outside the issue of secure application software development is the issue of patching, especially in this particular instance where there a patch is available for all of the affected Linux...

In reply to: Re: open-source bug exposure
Post Your Own Reply

More Conversations

Products & Releases

IBM Research Announces Cloud Breakthrough For Protecting Personal Data

ZeroFOX Acquires Vulnr

Proofpoint Releases Enterprise Protection Suite 8.0, Advances Email Security Leadership

Virtru Announces General Availability of its Encrypted Email and Digital Privacy Service

Ed Survey Results: Insider Threats

Verizon Announces Security Enhancement for IoT Deployments

New Patent Eliminates Passwords

CYBERTECH SPONSORING “DATA PRIVACY DAY 2015: SECURING THE INTERNET OF THINGS” NATIONAL SEMINAR

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

WiIl Millennials Be The Death Of Data Security?

Chris Rouland, Founder & CEO, Bastille, 1/27/2015

Gas Stations Urged To Secure Internet-Exposed Fuel Tank Devices

Kelly Jackson Higgins, Executive Editor at Dark Reading, 1/26/2015

NFL Mobile Sports App Contains Super Bowl-Sized Vulns

Ericka Chickowski, Contributing Writer, Dark Reading, 1/27/2015

Partner Perspectives

What's This?

Takeaways from International Data Privacy Day: The Internet of Things

Event looks at the future of data use and how we can - and should - protect personal privacy. Read >>

Security Skills Shortage? Don’t Panic!

5 comments

Protect Yourself by Protecting Others

0 comments

More Stories

Live Events

Webinars

More UBM Tech
Live Events

Join Security Experts at Black Hat Asia 2015

Cyber Security Crash Course - One Day Summit Led by Dark Reading Editors

Solving Business Problems with Neural Networks

Cartoon

Latest Comment: I want to know where to get a tablet with that large a screen!(Maybe they're the old "convertibles.")

Cartoon Archive

Dark Reading Radio

Archived Dark Reading Radio

The Sony Hack: A Security Community Discussion

If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.

FULL SCHEDULE | ARCHIVED SHOWS

White Papers

Capitalizing On Big Data: Managed Services Help Financial Firms Accelerate Big Data Projects

Hybrid Model Eases Path to Cloud Adoption

The Failure of Cloud Information Governance

Implementing SAP Security Solutions

Stop Attackers from Getting What They Want with Context-Based Authentication

More White Papers

Current Issue

Dark Reading Tech Digest, Dec. 19, 2014

Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2014-4467

Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.

CVE-2014-4476

Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4477

CVE-2014-4479

CVE-2014-4480

Published: 2015-01-30
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

Best of the Web

This 125-Year-old Letter Sheds New Light On the Word ‘Hack’

Dutch judge allows alleged “sophisticated” Russian hacker to be sent to US

IBM punts cryptotastic cloudy ID verification services

iTunes Connect taken offline as bug causes users to log in to wrong accounts

US Firms Concerned About China's New Cyber Regulations

Reports

Infographics

10 Recommendations for Outsourcing Security

Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?

Download Now!

Title Partner’s Role in Perimeter Security

0 comments

Threat Intel Today

0 comments

DevOps’ Impact on Application Security

0 comments

More Reports