Endpoint
News & Commentary
5 Ways To Think Outside The PCI Checkbox
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New PCI Council GM plans to help organizations move their practices beyond compliance mentality into risk-based security.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/19/2014
Comment0 comments  |  Read  |  Post a Comment
Apple CEO: We Don't Covet Your Data
Thomas Claburn, Editor-at-LargeCommentary
Apple CEO Tim Cook highlights the company's commitment to privacy in an open letter.
By Thomas Claburn Editor-at-Large, 9/18/2014
Comment8 comments  |  Read  |  Post a Comment
Google Backs New Effort To Simplify Security
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
New organization Simply Secure aims to promote and shape more user-friendly security and privacy technologies on the Internet.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/18/2014
Comment12 comments  |  Read  |  Post a Comment
Facebook Explains iOS 8 App Privacy Changes
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Despite tweaks to a privacy setting in iOS 8, Facebook says it's not tracking you any more than it already has been.
By Kristin Burnham Senior Editor, InformationWeek.com, 9/18/2014
Comment0 comments  |  Read  |  Post a Comment
7 Reasons To Love Passwords
Sara Peters, Senior Editor at Dark Reading
Passwords are often ridiculed, but there are some reasons they should be your nearest and dearest authentication factor.
By Sara Peters Senior Editor at Dark Reading, 9/17/2014
Comment3 comments  |  Read  |  Post a Comment
Data Privacy Etiquette: It's Not Just For Kids
Lysa Myers, Security Researcher, ESETCommentary
Children are the innocent victims of the worst effects of social media. Thatís why itís vital for adults to establish privacy values that are safe for them -- and the rest of us.
By Lysa Myers Security Researcher, ESET, 9/17/2014
Comment9 comments  |  Read  |  Post a Comment
DR Radio: A Grown-Up Conversation About Passwords
Sara Peters, Senior Editor at Dark ReadingCommentary
Cormac Herley of Microsoft Research will challenge everything you think you know about password management.
By Sara Peters Senior Editor at Dark Reading, 9/16/2014
Comment7 comments  |  Read  |  Post a Comment
In Defense Of Passwords
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Long live the password (as long as you use it correctly along with something else).
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 9/16/2014
Comment12 comments  |  Read  |  Post a Comment
Mining WiFi Data: Retail Privacy Pitfalls
Doug Henschen, Executive Editor, InformationWeekCommentary
WiFi data mining starts with anonymous tracking, but it can lead to personal details in social profiles. Interop New York session explores opportunities and limits for retailers.
By Doug Henschen Executive Editor, InformationWeek, 9/15/2014
Comment13 comments  |  Read  |  Post a Comment
Why Email Is Worth Saving
Daniel Ingevaldson, CTO, Easy SolutionsCommentary
What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available? It is.
By Daniel Ingevaldson CTO, Easy Solutions, 9/12/2014
Comment11 comments  |  Read  |  Post a Comment
Privacy, Security & The Geography Of Data Protection
Malte Pollmann, CEO, UtimacoCommentary
Data generation is global, so why do different parts of the world react differently to the same threat of security breaches and backdoors?
By Malte Pollmann CEO, Utimaco, 9/11/2014
Comment6 comments  |  Read  |  Post a Comment
Startup Uncovers Flaws In Mobile Apps, Launches New Security Service
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Wandera says only one of seven US employees is given any guidance on mobile security by the employer.
By Tim Wilson Editor in Chief, Dark Reading, 9/11/2014
Comment3 comments  |  Read  |  Post a Comment
Apple Pay Ups Payment Security But PoS Threats Remain
Sara Peters, Senior Editor at Dark ReadingNews
Apple's new contactless payment tech will not stop point-of-sale breaches like Home Depot and UPS, but it could make those breaches less valuable to attackers.
By Sara Peters Senior Editor at Dark Reading, 9/10/2014
Comment21 comments  |  Read  |  Post a Comment
Poll: Significant Insecurity About Internet of Things
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Fewer than one percent of more than 800 Dark Reading community members are ready for the fast approaching security onslaught of the IoT.
By Marilyn Cohodas Community Editor, Dark Reading, 9/5/2014
Comment3 comments  |  Read  |  Post a Comment
4 Hurdles To Securing The Internet Of Things
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Why locking down even the tiniest embedded device is a tall order.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/4/2014
Comment7 comments  |  Read  |  Post a Comment
Celeb Hack: Is Apple Telling All It Knows?
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? Youíre darn tootin'!
By Dave Kearns Analyst, Kuppinger-Cole, 9/3/2014
Comment14 comments  |  Read  |  Post a Comment
How I Hacked My Home, IoT Style
David Jacoby, Sr. Security Researcher, Kaspersky LabCommentary
It didnít take long to find a score of vulnerabilities in my home entertainment, gaming, and network storage systems.
By David Jacoby Sr. Security Researcher, Kaspersky Lab, 8/27/2014
Comment16 comments  |  Read  |  Post a Comment
Cyberspies Target Chinese Ethnic Group
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Academic researchers study phishing emails targeting the World Uyghur Congress (WUC), which represents the Uyghur ethnic group residing in China and in exile.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/13/2014
Comment0 comments  |  Read  |  Post a Comment
UK Reconsidering Biometrics
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Parliament is looking for answers about biometrics' privacy, security, future uses, and whether or not legislation is ready for what comes next.
By Sara Peters Senior Editor at Dark Reading, 8/12/2014
Comment4 comments  |  Read  |  Post a Comment
6 Biometric Factors That Are Working Today
Marilyn Cohodas, Community Editor, Dark Reading
From fingerprints to wearable ECG monitors, there are real options in the market that may relegate the despised password to the dustbin of history.
By Marilyn Cohodas Community Editor, Dark Reading, 8/12/2014
Comment23 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
3 Places to Enable 2-Factor Authentication Now
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Comment1 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2006-1318
Published: 2014-09-19
Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."

CVE-2012-2588
Published: 2014-09-19
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message.

CVE-2012-6659
Published: 2014-09-19
Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-1391
Published: 2014-09-19
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.

CVE-2014-3614
Published: 2014-09-19
Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets.

Best of the Web
Dark Reading Radio