Heartbleed: A Password Manager Reality Check
Poll: Dark Reading Community Acts On Heartbleed
Did A Faulty Memory Feature Lead To Heartbleed?
The Real Wakeup Call From Heartbleed
Mobility: Who Bears The Brunt Of Data Security & Privacy
News & Commentary
Michaels Retail Chain Reveals Details Of Breach: Nearly 3M Affected
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Attack on point-of-sale systems went on for more than six months, officials say.
By Tim Wilson Editor in Chief, Dark Reading, 4/18/2014
Comment1 Comment  |  Read  |  Post a Comment
Poll: Dark Reading Community Acts On Heartbleed
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Roughly 60 percent of respondents to our flash poll have installed the Heartbeat fix or are in the process of doing so.
By Marilyn Cohodas Community Editor, Dark Reading, 4/18/2014
Comment0 comments  |  Read  |  Post a Comment
Heartbleed: A Password Manager Reality Check
Mathew J. Schwartz, News
Is a password manager an effective defense against vulnerabilities like Heartbleed, or just another way to lose data to hackers?
By Mathew J. Schwartz , 4/18/2014
Comment6 comments  |  Read  |  Post a Comment
Phishers Recruit Home PCs
Brian Prince, Contributing Writer, Dark ReadingNews
Residential broadband machines spotted hosting phishing attacks.
By Brian Prince Contributing Writer, Dark Reading, 4/18/2014
Comment2 comments  |  Read  |  Post a Comment
SQL Injection Cleanup Takes Two Months or More
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
A new report highlights the prevalence and persistence of SQL injection attacks.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/17/2014
Comment0 comments  |  Read  |  Post a Comment
Satellite Communications Wide Open To Hackers
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Satellite terminals widely used in transportation, military, and industrial plants contain backdoors, hardcoded credentials, weak encryption algorithms, and other design flaws, a new report says.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/17/2014
Comment2 comments  |  Read  |  Post a Comment
11 Heartbleed Facts: Vulnerability Discovery, Mitigation Continue
Mathew J. Schwartz, News
Millions of websites, applications from Cisco and VMware, Google Play apps, as well as millions of Android devices are vulnerable -- and the list keeps growing.
By Mathew J. Schwartz , 4/17/2014
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Delays Enterprise Windows 8.1 Support Doomsday
Mathew J. Schwartz, News
Responding to criticism, Microsoft gives businesses until August to adopt Windows 8.1 Update and continue receiving security updates. Consumers still face May 13 deadline.
By Mathew J. Schwartz , 4/17/2014
Comment1 Comment  |  Read  |  Post a Comment
How A Little Obscurity Can Bolster Security
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Most security professionals deride the idea of "security by obscurity." Is it time to re-evaluate the conventional wisdom?
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 4/17/2014
Comment17 comments  |  Read  |  Post a Comment
Did A Faulty Memory Feature Lead To Heartbleed?
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Debate arises over an older memory allocation feature in OpenSSL, and the OpenBSD community starts to tear down and revise the crypto software for its own use.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/16/2014
Comment4 comments  |  Read  |  Post a Comment
The Real Wakeup Call From Heartbleed
Jeff Williams, CTO, Contrast SecurityCommentary
There's nothing special about Heartbleed. Itís another flaw in a popular library that exposed a lot of servers to attack. The danger lies in the way software libraries are built and whether they can be trusted.
By Jeff Williams CTO, Contrast Security, 4/16/2014
Comment9 comments  |  Read  |  Post a Comment
Smartphone Kill Switches Coming, But Critics Cry Foul
Thomas Claburn, Editor-at-LargeCommentary
Smartphone makers and carriers agree to add optional kill switches to smartphones, but law enforcement officials say the anti-theft effort doesn't go far enough.
By Thomas Claburn Editor-at-Large, 4/16/2014
Comment18 comments  |  Read  |  Post a Comment
Mobility: Who Bears The Brunt Of Data Security & Privacy
Grayson Milbourne, Director, Security Intelligence, WebrootCommentary
OS manufacturers, app developers, and consumers all have a role to play in smartphone data security. But not everyone is equally responsible.
By Grayson Milbourne Director, Security Intelligence, Webroot, 4/16/2014
Comment3 comments  |  Read  |  Post a Comment
Don't Blame It On The Web Programming Platform
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
New data shows no one Web development platform generates more vulnerabilities than another -- and website security is still a problem.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/15/2014
Comment3 comments  |  Read  |  Post a Comment
White House Details Zero-Day Bug Policy
Mathew J. Schwartz, News
NSA denies prior knowledge of the Heartbleed vulnerability, but the White House reserves the right to withhold zero-day exploit information in some cases involving security or law enforcement.
By Mathew J. Schwartz , 4/15/2014
Comment3 comments  |  Read  |  Post a Comment
Active Directory Is Dead: 3 Reasons
Thomas Pedersen, CEO & Founder, OneLoginCommentary
These days, Active Directory smells gangrenous to innovative companies born in the cloud and connecting customers, employees, and partners across devices at light speed.
By Thomas Pedersen CEO & Founder, OneLogin, 4/15/2014
Comment25 comments  |  Read  |  Post a Comment
Heartbleed's Intranet & VPN Connection
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
How the game-changing crypto bug affects internal servers, clients, and VPN networks -- and what to do about it.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/14/2014
Comment4 comments  |  Read  |  Post a Comment
Akamai Withdraws Proposed Heartbleed Patch
Mathew J. Schwartz, News
As researchers demonstrate OpenSSL bug exploits that retrieve private keys, Akamai rescinds a patch suggestion for the SSL/TLS library after a security researcher punches holes in it.
By Mathew J. Schwartz , 4/14/2014
Comment2 comments  |  Read  |  Post a Comment
'Baby Teeth' In Infrastructure Cyber Security Framework
Dave Frymier, Chief Information Security Officer, UnisysCommentary
NISTís modest effort to improve lax security around IT infrastructure in airports, utilities, and other critical areas now heads to Congress. Don't hold your breath.
By Dave Frymier Chief Information Security Officer, Unisys, 4/14/2014
Comment6 comments  |  Read  |  Post a Comment
Iranian-Based Cyberattack Activity On The Rise, Mandiant Report Says
Brian Prince, Contributing Writer, Dark ReadingNews
New report details the rise of suspected Iranian and Syrian-based cyber-attacks.
By Brian Prince Contributing Writer, Dark Reading, 4/11/2014
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Preying On A Predator
Preying On A Predator
Mac OS X Snow Leopard is perfectly positioned to be the next target for cybercriminals.
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Hello. We were unable to find the address you requested. You may search for the content you are seeking using our search form or email technical support with any questions.
Active Directory Is Dead: 3 Reasons
Thomas Pedersen, CEO & Founder, OneLogin,  4/15/2014
How A Little Obscurity Can Bolster Security
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies,  4/17/2014
The Real Wakeup Call From Heartbleed
Jeff Williams, CTO, Contrast Security,  4/16/2014
Register for Dark Reading Newsletters
Cartoon
Latest Comment: LOL.
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-3154
Published: 2014-04-17
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file conte...

CVE-2013-2143
Published: 2014-04-17
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

CVE-2014-0036
Published: 2014-04-17
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.

CVE-2014-0054
Published: 2014-04-17
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External ...

CVE-2014-0071
Published: 2014-04-17
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

Best of the Web
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If youíre still focused on securing endpoints, youíve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed