7 Reasons To Love Passwords
DR Radio: A Grown-Up Conversation About Passwords
Data Privacy Etiquette: It's Not Just For Kids
Privacy, Security & The Geography Of Data Protection
InfoSec Book Club: What's On Your Fall Reading List?
News & Commentary
Healthcare Needs Cybersecurity Leadership & Governance
Mansur Hasib, Contributing WriterCommentary
Cybersecurity breaches point to a bigger problem than inadequate security technology or processes. They point to failed leadership and governance strategies.
By Mansur Hasib Contributing Writer, 9/23/2014
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Radio: Trends In Application Security
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
How can we get more security baked into applications? Join us for a discussion Wednesday, September 24, at 1:00 p.m. New York, 10 a.m. San Francisco time.
By Marilyn Cohodas Community Editor, Dark Reading, 9/23/2014
Comment0 comments  |  Read  |  Post a Comment
Mobile-Only Employee Trend Could Break Security Models
Ericka Chickowski, Contributing Writer, Dark ReadingNews
One-third of employees exclusively use mobile devices for work, but security organizations still aren't shifting their risk management focus.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/22/2014
Comment7 comments  |  Read  |  Post a Comment
The Truth About Ransomware: You’re On Your Own
Andrew Hay, Sr. Security Research Lead & Evangelist, OpenDNSCommentary
What should enterprises do when faced with ransomware? The answer is, it depends.
By Andrew Hay Sr. Security Research Lead & Evangelist, OpenDNS, 9/22/2014
Comment1 Comment  |  Read  |  Post a Comment
5 Top Tips For Outsourced Security
Lorna Garey, Content Director, InformationWeek Reports
It's one thing to hire a third-party developer to build a mobile app. It's quite another to trust a pen tester, MSSP, or DDoS protection firm. But the fact is, the threat landscape is complex, and few organizations can keep security completely in house. Here's how to decide what to outsource and select and manage providers.
By Lorna Garey Content Director, InformationWeek Reports, 9/22/2014
Comment2 comments  |  Read  |  Post a Comment
Google Plans To Encrypt Android Data By Default
Thomas Claburn, Editor-at-LargeCommentary
After Apple CEO Tim Cook talks up iOS8 data security, Google says the next version of Android will shield data on devices more effectively.
By Thomas Claburn Editor-at-Large, 9/20/2014
Comment12 comments  |  Read  |  Post a Comment
5 Ways To Think Outside The PCI Checkbox
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New PCI Council GM plans to help organizations move their practices beyond compliance mentality into risk-based security.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/19/2014
Comment6 comments  |  Read  |  Post a Comment
Home Depot Breach Surpasses Target In Scope
Brian Prince, Contributing Writer, Dark ReadingNews
New details have emerged about the breach affecting Home Depot, which exposed 56 million payment cards in stores in the US and Canada and utilized custom malware.
By Brian Prince Contributing Writer, Dark Reading, 9/19/2014
Comment5 comments  |  Read  |  Post a Comment
Mobile Device Security Isn't All About Devices
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Roberto Medrano, executive vice president of SOA Software, explains why securing mobile applications and APIs is so essential.
By Sara Peters Senior Editor at Dark Reading, 9/19/2014
Comment2 comments  |  Read  |  Post a Comment
An AppSec Report Card: Developers Barely Passing
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
A new study reveals that application developers are getting failing grades when it comes to their knowledge of critical security such as how to protect sensitive data, Web services, and threat modeling.
By Jeff Williams CTO, Aspect Security & Contrast Security, 9/19/2014
Comment10 comments  |  Read  |  Post a Comment
Is Enterprise IT Security Ready For iOS 8?
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Apple bakes in more security features, but iOS 8 won't come without security ops headaches.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/19/2014
Comment4 comments  |  Read  |  Post a Comment
Apple CEO: We Don't Covet Your Data
Thomas Claburn, Editor-at-LargeCommentary
Apple CEO Tim Cook highlights the company's commitment to privacy in an open letter.
By Thomas Claburn Editor-at-Large, 9/18/2014
Comment12 comments  |  Read  |  Post a Comment
5 Ways To Monitor DNS Traffic For Security Threats
Dave Piscitello, VP Security, ICANNCommentary
Check out these examples of how to implement real-time or offline traffic monitoring using common commercial or open source security products.
By Dave Piscitello VP Security, ICANN, 9/18/2014
Comment4 comments  |  Read  |  Post a Comment
Google Backs New Effort To Simplify Security
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
New organization Simply Secure aims to promote and shape more user-friendly security and privacy technologies on the Internet.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/18/2014
Comment12 comments  |  Read  |  Post a Comment
US Military In The Dark On Cyberattacks Against Contractors
Brian Prince, Contributing Writer, Dark ReadingNews
A lack of communication between military contractors and government agencies about Chinese cyber espionage attacks is revealed in a new Senate report.
By Brian Prince Contributing Writer, Dark Reading, 9/18/2014
Comment2 comments  |  Read  |  Post a Comment
Federal Inaction Breeds ID Theft, Says Frank Abagnale
David F Carr, Editor, InformationWeek Government/HealthcareCommentary
Onetime "Catch Me If You Can" swindler turned anti-fraud consultant says identity theft is "4,000 times easier" than when he was living a life of crime.
By David F Carr Editor, InformationWeek Government/Healthcare, 9/18/2014
Comment1 Comment  |  Read  |  Post a Comment
7 Reasons To Love Passwords
Sara Peters, Senior Editor at Dark Reading
Passwords are often ridiculed, but there are some reasons they should be your nearest and dearest authentication factor.
By Sara Peters Senior Editor at Dark Reading, 9/17/2014
Comment9 comments  |  Read  |  Post a Comment
Cyberspies Resuscitate Citadel Trojan For Petrochemical Attacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The Citadel Trojan is a rare and odd choice of malware for cyber espionage purposes, experts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/17/2014
Comment5 comments  |  Read  |  Post a Comment
Facebook Developing App For Private Sharing
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Facebook's in-development "Moments" app could make sharing with small groups easier. Here's what we know, plus tips to manage friend lists now.
By Kristin Burnham Senior Editor, InformationWeek.com, 9/17/2014
Comment6 comments  |  Read  |  Post a Comment
How To Build Battle-Tested Websites
Joe Masters Emison, CTO, BuildFaxCommentary
It doesn't matter whether your e-commerce D-Day is Black Friday, tax day, or some random Thursday when a post goes viral. Your websites need to be ready.
By Joe Masters Emison CTO, BuildFax, 9/17/2014
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
3 Places to Enable 2-Factor Authentication Now
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Comment1 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Google Backs New Effort To Simplify Security
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/18/2014
An AppSec Report Card: Developers Barely Passing
Jeff Williams, CTO, Aspect Security & Contrast Security,  9/19/2014
7 Reasons To Love Passwords
Sara Peters, Senior Editor at Dark Reading,  9/17/2014
Register for Dark Reading Newsletters
Dark Reading Radio
Cartoon
White Papers
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6646
Published: 2014-09-23
The bellyhoodcom (aka com.tapatalk.bellyhoodcom) application 3.4.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6647
Published: 2014-09-23
The ElForro.com (aka com.tapatalk.elforrocom) application 2.4.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6648
Published: 2014-09-23
The iPhone4.TW (aka com.tapatalk.iPhone4TWforums) application 3.3.20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6649
Published: 2014-09-23
The MyBroadband Tapatalk (aka com.tapatalk.mybroadbandcozavb) application 3.9.22 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6650
Published: 2014-09-23
The NextGenUpdate (aka com.tapatalk.nextgenupdatecomforums) application 3.1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Flash Poll
Video
Slideshows
Twitter Feed