Mobile
News & Commentary
China Labels iPhone A Security Threat
Eric Zeman, Commentary
State media says the iPhone's ability to collect user location data is dangerous.
By Eric Zeman , 7/11/2014
Comment4 comments  |  Read  |  Post a Comment
Silent Circle Challenges Skype, Telecoms With Encrypted Calling
Thomas Claburn, Editor-at-LargeCommentary
Blackphone maker's affordable encrypted calls could appeal to security-conscious businesses.
By Thomas Claburn Editor-at-Large, 7/11/2014
Comment0 comments  |  Read  |  Post a Comment
Cloud & The Fuzzy Math of Shadow IT
Krishna Narayanaswamy, Founder & Chief Scientist, NetskopeCommentary
Do you know how many cloud apps, on average, are running in your organization? The number is probably greater than you think.
By Krishna Narayanaswamy Founder & Chief Scientist, Netskope, 7/10/2014
Comment9 comments  |  Read  |  Post a Comment
'Windows To Go' Device Wins Federal Cryptographic Certification
David F Carr, Editor, InformationWeek HealthcareCommentary
With FIPS 140-2 Level 3 certification, the Imation IronKey portable USB-based workspace becomes a mobility option for both civilian and military agencies.
By David F Carr Editor, InformationWeek Healthcare, 7/10/2014
Comment0 comments  |  Read  |  Post a Comment
Android Data Wipe Leaves Personal Data
Eric Zeman, Commentary
Factory reset tool on Android smartphones does not remove all photos, emails, chats, and other personal data, says security firm.
By Eric Zeman , 7/9/2014
Comment19 comments  |  Read  |  Post a Comment
Online Scammers Take Advantage Of iPhone 6, iWatch Hype
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Phishing message claims to provide links to leaked iPhone 6 information and pictures.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/8/2014
Comment1 Comment  |  Read  |  Post a Comment
3 BYOD Risk Prevention Strategies
Jim Szafranski, SVP Customer Platform Services, FiberlinkCommentary
An effective BYOD plan must balance control with convenience. Here's what to keep in mind.
By Jim Szafranski SVP Customer Platform Services, Fiberlink, 7/8/2014
Comment2 comments  |  Read  |  Post a Comment
TSA Requires Charged Devices At Some Overseas Airports
Eric Zeman, Commentary
Homeland Security tells US-bound air travelers at certain overseas airports that mobile devices need to be operational when boarding, or gadgets will be confiscated.
By Eric Zeman , 7/7/2014
Comment7 comments  |  Read  |  Post a Comment
10 Ways Google Must Improve Android
Rodney Brown, Editor, The Mobility Hub
Google's upcoming Android "L" version introduces improvements including Android for Work and stronger app security. But Google still has plenty of gaps to fill.
By Rodney Brown Editor, The Mobility Hub, 7/5/2014
Comment25 comments  |  Read  |  Post a Comment
4 Facebook Privacy Intrusion Fixes
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Facebook may control most of your data, but you can take protective steps. Here's what you need to know.
By Kristin Burnham Senior Editor, InformationWeek.com, 6/30/2014
Comment12 comments  |  Read  |  Post a Comment
How Microsoft Cracks The BYOD Code: 3 Tips
Bret Arsenault, CISO, MicrosoftCommentary
Microsoft’s CISO shares best-practices for balancing employee autonomy and security in today’s bring-your-own world.
By Bret Arsenault CISO, Microsoft, 6/30/2014
Comment5 comments  |  Read  |  Post a Comment
BlackBerry Swipes At Android Security
Eric Zeman, Commentary
In response to Google I/O announcements, BlackBerry criticizes Android's lack of security. On point, or sour grapes?
By Eric Zeman , 6/28/2014
Comment10 comments  |  Read  |  Post a Comment
DARPA Robotics Challenge Gets Tougher
Patience Wait, Commentary
Robots competing in DARPA's disaster relief test must show some autonomy, will face surprise challenge.
By Patience Wait , 6/27/2014
Comment1 Comment  |  Read  |  Post a Comment
3 Mobile Security Tips For SMBs
Vijay Basani, Co-Founder, President & CEO, EIQ NetworksCommentary
Everyone in an organization has to work together to combat intrusions and data loss, but this is especially true for small businesses.
By Vijay Basani Co-Founder, President & CEO, EIQ Networks, 6/27/2014
Comment5 comments  |  Read  |  Post a Comment
Mobile Security Action Plan
John H. Sawyer, Contributing Writer, Dark ReadingCommentary
Consumerization means CIOs must grant personal devices access to corporate data and networks. Here's how to avoid loss and corruption.
By John H. Sawyer Contributing Writer, Dark Reading, 6/26/2014
Comment2 comments  |  Read  |  Post a Comment
Cloud Security: Think Today’s Reality, Not Yesterday’s Policy
Tal Klein, VP Strategy, AdallomCommentary
SaaS, BYOD, and mobility are inseparable, yet time and time again companies attempt to compartmentalize the three when they make a move to the cloud. That's a big mistake.
By Tal Klein VP Strategy, Adallom, 6/25/2014
Comment12 comments  |  Read  |  Post a Comment
PayPal Two-Factor Authentication Broken
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Researchers discover a way to bypass the extra layer of security for mobile PayPal app accounts.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 6/25/2014
Comment8 comments  |  Read  |  Post a Comment
Why IT's Mobility Efforts Still Fall Short
Art Wittmann, Commentary
IT must support employees on the go as well as build mobile apps for customers. Both initiatives still have a long way to go.
By Art Wittmann , 6/24/2014
Comment3 comments  |  Read  |  Post a Comment
Governments Use 'Legal' Mobile Malware To Spy On Citizens
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New research shows how C&C infrastructure and mobile Trojans are packaged by one firm offering worldwide governments the means to spy on everyday criminals and political targets.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/24/2014
Comment3 comments  |  Read  |  Post a Comment
Google Play Apps Expose Users To Attack
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
Researchers discover thousands of Android app developers store secret keys in their apps.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 6/19/2014
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
RIM's Biggest Network Disruption Over: Now What?
RIM's Biggest Network Disruption Over: Now What?
Service disruption becoming all too familiar outcome for BlackBerry users
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Register for Dark Reading Newsletters
White Papers
Current Issue
Cartoon
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.