7 Reasons To Love Passwords
DR Radio: A Grown-Up Conversation About Passwords
Data Privacy Etiquette: It's Not Just For Kids
Privacy, Security & The Geography Of Data Protection
InfoSec Book Club: What's On Your Fall Reading List?
News & Commentary
Google Plans To Encrypt Android Data By Default
Thomas Claburn, Editor-at-LargeCommentary
After Apple CEO Tim Cook talks up iOS8 data security, Google says the next version of Android will shield data on devices more effectively.
By Thomas Claburn Editor-at-Large, 9/20/2014
Comment1 Comment  |  Read  |  Post a Comment
5 Ways To Think Outside The PCI Checkbox
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New PCI Council GM plans to help organizations move their practices beyond compliance mentality into risk-based security.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/19/2014
Comment2 comments  |  Read  |  Post a Comment
Home Depot Breach Surpasses Target In Scope
Brian Prince, Contributing Writer, Dark ReadingNews
New details have emerged about the breach affecting Home Depot, which exposed 56 million payment cards in stores in the US and Canada and utilized custom malware.
By Brian Prince Contributing Writer, Dark Reading, 9/19/2014
Comment1 Comment  |  Read  |  Post a Comment
Mobile Device Security Isn't All About Devices
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Roberto Medrano, executive vice president of SOA Software, explains why securing mobile applications and APIs is so essential.
By Sara Peters Senior Editor at Dark Reading, 9/19/2014
Comment0 comments  |  Read  |  Post a Comment
An AppSec Report Card: Developers Barely Passing
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
A new study reveals that application developers are getting failing grades when it comes to their knowledge of critical security such as how to protect sensitive data, Web services, and threat modeling.
By Jeff Williams CTO, Aspect Security & Contrast Security, 9/19/2014
Comment10 comments  |  Read  |  Post a Comment
Is Enterprise IT Security Ready For iOS 8?
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Apple bakes in more security features, but iOS 8 won't come without security ops headaches.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/19/2014
Comment4 comments  |  Read  |  Post a Comment
Apple CEO: We Don't Covet Your Data
Thomas Claburn, Editor-at-LargeCommentary
Apple CEO Tim Cook highlights the company's commitment to privacy in an open letter.
By Thomas Claburn Editor-at-Large, 9/18/2014
Comment11 comments  |  Read  |  Post a Comment
5 Ways To Monitor DNS Traffic For Security Threats
Dave Piscitello, VP Security, ICANNCommentary
Check out these examples of how to implement real-time or offline traffic monitoring using common commercial or open source security products.
By Dave Piscitello VP Security, ICANN, 9/18/2014
Comment4 comments  |  Read  |  Post a Comment
Google Backs New Effort To Simplify Security
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
New organization Simply Secure aims to promote and shape more user-friendly security and privacy technologies on the Internet.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/18/2014
Comment12 comments  |  Read  |  Post a Comment
US Military In The Dark On Cyberattacks Against Contractors
Brian Prince, Contributing Writer, Dark ReadingNews
A lack of communication between military contractors and government agencies about Chinese cyber espionage attacks is revealed in a new Senate report.
By Brian Prince Contributing Writer, Dark Reading, 9/18/2014
Comment1 Comment  |  Read  |  Post a Comment
Federal Inaction Breeds ID Theft, Says Frank Abagnale
David F Carr, Editor, InformationWeek Government/HealthcareCommentary
Onetime "Catch Me If You Can" swindler turned anti-fraud consultant says identity theft is "4,000 times easier" than when he was living a life of crime.
By David F Carr Editor, InformationWeek Government/Healthcare, 9/18/2014
Comment1 Comment  |  Read  |  Post a Comment
7 Reasons To Love Passwords
Sara Peters, Senior Editor at Dark Reading
Passwords are often ridiculed, but there are some reasons they should be your nearest and dearest authentication factor.
By Sara Peters Senior Editor at Dark Reading, 9/17/2014
Comment4 comments  |  Read  |  Post a Comment
Cyberspies Resuscitate Citadel Trojan For Petrochemical Attacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The Citadel Trojan is a rare and odd choice of malware for cyber espionage purposes, experts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/17/2014
Comment5 comments  |  Read  |  Post a Comment
Facebook Developing App For Private Sharing
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Facebook's in-development "Moments" app could make sharing with small groups easier. Here's what we know, plus tips to manage friend lists now.
By Kristin Burnham Senior Editor, InformationWeek.com, 9/17/2014
Comment6 comments  |  Read  |  Post a Comment
How To Build Battle-Tested Websites
Joe Masters Emison, CTO, BuildFaxCommentary
It doesn't matter whether your e-commerce D-Day is Black Friday, tax day, or some random Thursday when a post goes viral. Your websites need to be ready.
By Joe Masters Emison CTO, BuildFax, 9/17/2014
Comment0 comments  |  Read  |  Post a Comment
Data Privacy Etiquette: It's Not Just For Kids
Lysa Myers, Security Researcher, ESETCommentary
Children are the innocent victims of the worst effects of social media. That’s why it’s vital for adults to establish privacy values that are safe for them -- and the rest of us.
By Lysa Myers Security Researcher, ESET, 9/17/2014
Comment9 comments  |  Read  |  Post a Comment
Meet The Next Next-Gen Firewall
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Or at least the latest iteration of one of the oldest-running security tools that continues to evolve and transform with the times.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/16/2014
Comment3 comments  |  Read  |  Post a Comment
Browser Vulnerability 'Privacy Disaster' For 3 Of 4 Android Users
Sara Peters, Senior Editor at Dark ReadingQuick Hits
An exploit of an unsupported Android browser bypasses the ever-important Same Origin Policy.
By Sara Peters Senior Editor at Dark Reading, 9/16/2014
Comment1 Comment  |  Read  |  Post a Comment
New CVE Naming Convention Could Break Vulnerability Management
Ericka Chickowski, Contributing Writer, Dark ReadingNews
MITRE sets deadline for releasing new CVEs with different ID format syntax, regardless of how many vulnerabilities we see in 2014.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/16/2014
Comment0 comments  |  Read  |  Post a Comment
DR Radio: A Grown-Up Conversation About Passwords
Sara Peters, Senior Editor at Dark ReadingCommentary
Cormac Herley of Microsoft Research will challenge everything you think you know about password management.
By Sara Peters Senior Editor at Dark Reading, 9/16/2014
Comment7 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
3 Places to Enable 2-Factor Authentication Now
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Comment1 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Hello. We were unable to find the address you requested. You may search for the content you are seeking using our search form or email technical support with any questions.
5 Myths: Why We Are All Data Security Risks
Lance Cottrell, Chief Scientist, Ntrepid,  9/15/2014
In Defense Of Passwords
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies,  9/16/2014
Google Backs New Effort To Simplify Security
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/18/2014
Register for Dark Reading Newsletters
Dark Reading Radio
Cartoon
White Papers
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2942
Published: 2014-09-22
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.

CVE-2014-5522
Published: 2014-09-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6025. Reason: This candidate is a reservation duplicate of CVE-2014-6025. Notes: All CVE users should reference CVE-2014-6025 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-5523
Published: 2014-09-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5524. Reason: This candidate is a duplicate of CVE-2014-5524. Notes: All CVE users should reference CVE-2014-5524 instead of this candidate. All references and descriptions in this candidate have been removed to prevent acciden...

CVE-2014-5575
Published: 2014-09-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE-2014-5665
Published: 2014-09-22
The Mzone Login (aka com.mr384.MzoneLogin) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Flash Poll
Video
Slideshows
Twitter Feed