Mobile
News & Commentary
Employees Slacking on Security of Their Mobile Devices
Kelly Jackson Higgins, Senior Editor, Dark Reading, Quick Hits
A survey finds that 15% say they had a password compromised.
By Kelly Jackson Higgins, Senior Editor, Dark Reading, 4/24/2014
AOL Adds 'Native' Mobile Ads
Thomas Claburn, Editor-at-Large, Commentary
AOL Platforms aims to give advertisers better results, but some critics object to the editorial-like appearance of native ads.
By Thomas Claburn, Editor-at-Large, 4/24/2014
Android Heartbleed Alert: 150 Million Apps Still Vulnerable
Mathew J. Schwartz, News
Android developers are starting to patch OpenSSL flaws. Meanwhile, Apple ships an SSL fix for iOS and OS X.
By Mathew J. Schwartz, 4/23/2014
Michaels Retail Chain Reveals Details Of Breach: Nearly 3M Affected
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
Attack on point-of-sale systems went on for more than six months, officials say.
By Tim Wilson, Editor in Chief, Dark Reading, 4/18/2014
Mobile App Development: 5 Worst Security Dangers
Charlie Fairchild, Senior Android Developer, WillowTree Apps, Commentary
Address these areas when building apps -- or brace yourself for a PR and liability nightmare should an attacker find and exploit a flaw.
By Charlie Fairchild, Senior Android Developer, WillowTree Apps, 4/18/2014
License Plate Recognition Technology Branches Out
Richard W. Walker, Commentary
Law enforcement officials see new security and surveillance uses for license plate recognition technology.
By Richard W. Walker, 4/17/2014
Smartphone Kill Switches Coming, But Critics Cry Foul
Thomas Claburn, Editor-at-Large, Commentary
Smartphone makers and carriers agree to add optional kill switches to smartphones, but law enforcement officials say the anti-theft effort doesn't go far enough.
By Thomas Claburn, Editor-at-Large, 4/16/2014
Mobility: Who Bears The Brunt Of Data Security & Privacy
Grayson Milbourne, Director, Security Intelligence, Webroot, Commentary
OS manufacturers, app developers, and consumers all have a role to play in smartphone data security. But not everyone is equally responsible.
By Grayson Milbourne, Director, Security Intelligence, Webroot, 4/16/2014
What Is The FIDO Alliance?
Dark Reading, Commentary, Video
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
By Dark Reading, 4/2/2014
Bit Errors & the Internet of Things
Jaeson Schultz, Threat Research Engineer, Cisco TRAC Team, Commentary
Internet traffic, misdirected to malicious bitsquatted domains, has plagued computer security for years. The consequences will be even worse for the IoT.
By Jaeson Schultz, Threat Research Engineer, Cisco TRAC Team, 3/31/2014
Android Apps Hide Crypto-Currency Mining Malware
Mathew J. Schwartz, News
Apps downloaded by millions from Google Play and Spanish software forums include hidden altcoin-mining software. But criminals aren't getting rich quickly.
By Mathew J. Schwartz, 3/27/2014
A Cyber History Of The Ukraine Conflict
John Bumgarner, Chief Technology Officer for the U.S. Cyber Consequences Unit, Commentary
The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned.
By John Bumgarner, Chief Technology Officer for the U.S. Cyber Consequences Unit, 3/27/2014
Finally, Plug & Play Authentication!
Phil Dunkelberger, President & CEO, Nok Nok Labs, Commentary, Video
FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
By Phil Dunkelberger, President & CEO, Nok Nok Labs, 3/26/2014
Luck O' The Irish: Caption Contest Winners Announced
Marilyn Cohodas, Community Editor, Dark Reading, Commentary
A lot of blarney tinged with geek. And the winning caption is...
By Marilyn Cohodas, Community Editor, Dark Reading, 3/20/2014
Attackers Hit Clearinghouse Selling Stolen Target Data
Mathew J. Schwartz, News
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.
By Mathew J. Schwartz, 3/18/2014
Voice, Proximity Key To Cutting E-Payment Fraud
Pat Carroll, Executive Chairman & Founder, ValidSoft, Commentary
While we wait for EMV, US companies should lay the groundwork for strong security.
By Pat Carroll, Executive Chairman & Founder, ValidSoft, 3/18/2014
7 Behaviors That Could Indicate A Security Breach
Becca Lipman, News
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
By Becca Lipman, 3/14/2014
Samsung Galaxy Security Alert: Android Backdoor Discovered
Mathew J. Schwartz, News
Samsung's flavor of Android has a backdoor that can be remotely exploited by attackers, Android developers warn.
By Mathew J. Schwartz, 3/13/2014
The Case For Browser-Based Access Controls
Garret Grajek, CTO & COO, SecureAuth, Commentary
Is "browser-ized" security a better defense against hackers than traditional methods? Check out these two examples.
By Garret Grajek, CTO & COO, SecureAuth, 3/7/2014
Comment2 comments  |  Read  |  Post a Comment
Apple iOS Vulnerable To Hidden Profile Attacks
Mathew J. Schwartz, News
Unpatched flaw in iOS enables malicious profile users to secretly control devices and intercept data.
By Mathew J. Schwartz, 3/6/2014
Security Insights
RIM's Biggest Network Disruption Over: Now What?
Service disruption becoming all too familiar outcome for BlackBerry users
Current Issue
Containing Corporate Data on Mobile Devices
If you're still focused on securing endpoints, you've got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...
