Tech Center Security Management
Dark Reading's Security Management Tech Center is your destination for news and information surrounding the administrative and professional tasks that information security professionals must perform every day. Written for career security pros, the Security Management Tech Center is designed to provide insight on security career choices, staffing and budgetary issues, and day-to-day administrative tasks such as security reporting and architecture planning.
Interop New York is just around the corner. The show is packed with informative sessions and workshops. Here are a dozen to put on your schedule.
Articles leading up to, live coverage from, and post-event analysis of Interop New York 2013
The best firewalls in the world can still be misconfigured. Here are some tips for keeping yours up to snuff.
Exactly 50% of voters believed the American who leaked details of several top-secret mass surveillance programs to the press is a hero, while 50% believed he is a villain.
Umbrella Web security platform can identify, prevent, contain, and inform on advanced cyberattacks without the need for a malware sample or attack data.
- Caldwell Partners Launches Information Security Practice
- Digital Defense Announces New Offering To Thwart Social Engineering Attacks
- Patricia Titus Joins CyberUnited's Board
- Focused Black Hat 2013 Trainings Examine Incident Response, Malware
- Security Pros Fail In Business Lingo
By The Numbers
Information Security Salaries Split
Infosec managers saw their salaries rise, while staffers felt a slight dip in 2013.
Source: InformationWeek 2013 IT Salary Survey
Dark Reading Digital Magazine
Quick Wins For Strengthening SMB Security
Time To Set Up That Honeypot
Securing Cisco IP Telephony
Attribution Is Much More Than A Source IP
New CA Group Has Big Names, Small Impact
How To Build An IT Security Budget
5 Approaches To Decaffeinating Java Exploits
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access.
libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write.
Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access.