Operations // Identity & Access Management
News & Commentary
7 Reasons To Love Passwords
Sara Peters, Senior Editor at Dark Reading
Passwords are often ridiculed, but there are some reasons they should be your nearest and dearest authentication factor.
By Sara Peters Senior Editor at Dark Reading, 9/17/2014
Comment3 comments  |  Read  |  Post a Comment
In Defense Of Passwords
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Long live the password (as long as you use it correctly along with something else).
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 9/16/2014
Comment12 comments  |  Read  |  Post a Comment
5 Myths: Why We Are All Data Security Risks
Lance Cottrell, Chief Scientist, NtrepidCommentary
I am absolutely sure that I could be tricked by a well-crafted spear phishing attack, and I am equally sure I could do the same to you.
By Lance Cottrell Chief Scientist, Ntrepid, 9/15/2014
Comment12 comments  |  Read  |  Post a Comment
Why Email Is Worth Saving
Daniel Ingevaldson, CTO, Easy SolutionsCommentary
What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available? It is.
By Daniel Ingevaldson CTO, Easy Solutions, 9/12/2014
Comment11 comments  |  Read  |  Post a Comment
Google: No Breach In Latest Online Dump Of Credentials
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
The online leak of some 5 million username and password combinations consisted of mostly stale or older credentials that don't actually work, Google says.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/11/2014
Comment3 comments  |  Read  |  Post a Comment
Celeb Hack: Is Apple Telling All It Knows?
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? You’re darn tootin'!
By Dave Kearns Analyst, Kuppinger-Cole, 9/3/2014
Comment14 comments  |  Read  |  Post a Comment
Secure The Core: Advice For Agencies Under Attack
Vijay Basani, CEO, EiQ NetworksCommentary
When facing state-sponsored attacks, perimeter security is never enough.
By Vijay Basani CEO, EiQ Networks, 9/3/2014
Comment2 comments  |  Read  |  Post a Comment
6 Biometric Factors That Are Working Today
Marilyn Cohodas, Community Editor, Dark Reading
From fingerprints to wearable ECG monitors, there are real options in the market that may relegate the despised password to the dustbin of history.
By Marilyn Cohodas Community Editor, Dark Reading, 8/12/2014
Comment23 comments  |  Read  |  Post a Comment
'Backoff' Malware: Time To Step Up Remote Access Security
Boatner Blankenstein, Senior Director, Solutions Engineering, BomgarCommentary
DHS issues advisory about remote desktop access tools associated with recent point-of-sale breaches.
By Boatner Blankenstein Senior Director, Solutions Engineering, Bomgar, 8/1/2014
Comment9 comments  |  Read  |  Post a Comment
Phishing: What Once Was Old Is New Again
Dave Kearns, Analyst, Kuppinger-ColeCommentary
I used to think the heyday of phishing had passed. But as Symantec notes in its 2014 Internet Security Threat Report, I was wrong!
By Dave Kearns Analyst, Kuppinger-Cole, 7/30/2014
Comment12 comments  |  Read  |  Post a Comment
Weak Password Advice From Microsoft
Andrey Dulkin, Senior Director, Cyber Innovation, CyberArkCommentary
Tempting as it may seem to do away with strong passwords for low-risk websites, password reuse is still a significant threat to both users and business.
By Andrey Dulkin Senior Director, Cyber Innovation, CyberArk, 7/28/2014
Comment16 comments  |  Read  |  Post a Comment
Passwords Be Gone! Removing 4 Barriers To Strong Authentication
Phillip M. Dunkelberger, President & CEO, Nok Nok LabsCommentary
As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution.
By Phillip M. Dunkelberger President & CEO, Nok Nok Labs, 7/24/2014
Comment10 comments  |  Read  |  Post a Comment
Passwords & The Future Of Identity: Payment Networks?
Andre Boysen, EVP, Digital Identity Evangelist, SecureKeyCommentary
The solution to the omnipresent and enduring password problem may be closer than you think.
By Andre Boysen EVP, Digital Identity Evangelist, SecureKey, 7/16/2014
Comment17 comments  |  Read  |  Post a Comment
Payment Card Data Theft: Tips For Small Business
Chris Nutt, Director, Incident Response & Malware, MandiantCommentary
For small businesses looking to reduce their exposure to data theft the good news is the advantage of being small.
By Chris Nutt Director, Incident Response & Malware, Mandiant, 7/15/2014
Comment8 comments  |  Read  |  Post a Comment
3 BYOD Risk Prevention Strategies
Jim Szafranski, SVP Customer Platform Services, FiberlinkCommentary
An effective BYOD plan must balance control with convenience. Here's what to keep in mind.
By Jim Szafranski SVP Customer Platform Services, Fiberlink, 7/8/2014
Comment2 comments  |  Read  |  Post a Comment
Why A Secured Network Is Like The Human Body
Dan Ross, CEO & President, PromisecCommentary
It’s time to throw away the analogies about building fortresses and perimeter defenses and start to approach InfoSec with the same standard of care we use for public health.
By Dan Ross CEO & President, Promisec, 6/26/2014
Comment11 comments  |  Read  |  Post a Comment
P.F. Chang's Breach Went Undetected For Months
Lucas Zaichkowsky, Enterprise Defense Architect, AccessDataCommentary
Early reports indicate that the compromise involved a large number of restaurant locations and dates as far back as September 2013.
By Lucas Zaichkowsky Enterprise Defense Architect, AccessData, 6/23/2014
Comment4 comments  |  Read  |  Post a Comment
SMBs Ignoring Insider Threats
Henry Kenyon, Commentary
Many smaller organizations do not adequately protect against insider threats, CERT expert warns.
By Henry Kenyon , 6/23/2014
Comment7 comments  |  Read  |  Post a Comment
Don’t Let Lousy Teachers Sink Security Awareness
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
You can't fix a human problem with a technology solution. Here are three reasons why user education can work and six tips on how to develop a corporate culture of security.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 6/11/2014
Comment11 comments  |  Read  |  Post a Comment
In Praise Of Shadow IT
Eric Zeman, Commentary
80% of those employed by enterprises larger than 1,000 people circumvent IT to use cloud-based tools, new research says. I say let them.
By Eric Zeman , 6/9/2014
Comment12 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
3 Places to Enable 2-Factor Authentication Now
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Comment1 comments
Read | Post a Comment
More Sophos Security Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2006-1318
Published: 2014-09-19
Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."

CVE-2012-2588
Published: 2014-09-19
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message.

CVE-2012-6659
Published: 2014-09-19
Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-1391
Published: 2014-09-19
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.

CVE-2014-3614
Published: 2014-09-19
Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets.

Best of the Web
Dark Reading Radio