Mobile
News & Commentary
Internet of Things: 4 Security Tips From The Military
Michael K. Daly, CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services, Commentary
The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. It’s time to take a page from their battle plan.
By Michael K. Daly CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services, 7/25/2014
Apple Documents Undisclosed iOS Services
Thomas Claburn, Editor-at-Large, Commentary
Apple describes services as "diagnostic," but does not address criticism that backdoors undermine security and privacy.
By Thomas Claburn Editor-at-Large, 7/23/2014
Wearables In Healthcare: Privacy Rules Needed
Alison Diana, Senior Editor, Commentary
Johns Hopkins patient privacy violation didn't involve Google Glass or wearables but indicates why the healthcare industry must head off trouble with wearables in clinical settings.
By Alison Diana Senior Editor, 7/23/2014
Infographic: With BYOD, Mobile Is The New Desktop
Adam Ely, COO, Bluebox, Commentary
Security teams have no choice but to embrace the rapid proliferation of BYO devices, apps, and cloud services. To ignore it is to put your head in the sand.
By Adam Ely COO, Bluebox, 7/22/2014
Hidden iOS Services Bypass Security
Thomas Claburn, Editor-at-Large, Commentary
A computer researcher asks why Apple allows undocumented services to bypass encryption and access user data.
By Thomas Claburn Editor-at-Large, 7/21/2014
Tapping Into A Homemade Android Army
Ericka Chickowski, Contributing Writer, Dark Reading, News
Black Hat speaker will detail how security researchers can expedite their work across numerous Android devices at once.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/15/2014
Dark Reading Radio: Where Do Security Startups Come From?
Tim Wilson, Editor in Chief, Dark Reading, Commentary
This week's radio broadcast will discuss how hot new security companies are born and how they are funded. Showtime is 1:00 p.m. ET.
By Tim Wilson Editor in Chief, Dark Reading, 7/15/2014
China Labels iPhone A Security Threat
Eric Zeman, Commentary
State media says the iPhone's ability to collect user location data is dangerous.
By Eric Zeman, 7/11/2014
Silent Circle Challenges Skype, Telecoms With Encrypted Calling
Thomas Claburn, Editor-at-Large, Commentary
Blackphone maker's affordable encrypted calls could appeal to security-conscious businesses.
By Thomas Claburn Editor-at-Large, 7/11/2014
Cloud & The Fuzzy Math of Shadow IT
Krishna Narayanaswamy, Founder & Chief Scientist, Netskope, Commentary
Do you know how many cloud apps, on average, are running in your organization? The number is probably greater than you think.
By Krishna Narayanaswamy Founder & Chief Scientist, Netskope, 7/10/2014
'Windows To Go' Device Wins Federal Cryptographic Certification
David F Carr, Editor, InformationWeek Healthcare, Commentary
With FIPS 140-2 Level 3 certification, the Imation IronKey portable USB-based workspace becomes a mobility option for both civilian and military agencies.
By David F Carr Editor, InformationWeek Healthcare, 7/10/2014
Android Data Wipe Leaves Personal Data
Eric Zeman, Commentary
Factory reset tool on Android smartphones does not remove all photos, emails, chats, and other personal data, says security firm.
By Eric Zeman, 7/9/2014
Online Scammers Take Advantage Of iPhone 6, iWatch Hype
Ericka Chickowski, Contributing Writer, Dark Reading, News
Phishing message claims to provide links to leaked iPhone 6 information and pictures.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/8/2014
3 BYOD Risk Prevention Strategies
Jim Szafranski, SVP Customer Platform Services, Fiberlink, Commentary
An effective BYOD plan must balance control with convenience. Here's what to keep in mind.
By Jim Szafranski SVP Customer Platform Services, Fiberlink, 7/8/2014
TSA Requires Charged Devices At Some Overseas Airports
Eric Zeman, Commentary
Homeland Security tells US-bound air travelers at certain overseas airports that mobile devices need to be operational when boarding, or gadgets will be confiscated.
By Eric Zeman, 7/7/2014
10 Ways Google Must Improve Android
Rodney Brown, Editor, The Mobility Hub
Google's upcoming Android "L" version introduces improvements including Android for Work and stronger app security. But Google still has plenty of gaps to fill.
By Rodney Brown Editor, The Mobility Hub, 7/5/2014
4 Facebook Privacy Intrusion Fixes
Kristin Burnham, Senior Editor, InformationWeek.com, Commentary
Facebook may control most of your data, but you can take protective steps. Here's what you need to know.
By Kristin Burnham Senior Editor, InformationWeek.com, 6/30/2014
How Microsoft Cracks The BYOD Code: 3 Tips
Bret Arsenault, CISO, Microsoft, Commentary
Microsoft’s CISO shares best-practices for balancing employee autonomy and security in today’s bring-your-own world.
By Bret Arsenault CISO, Microsoft, 6/30/2014
BlackBerry Swipes At Android Security
Eric Zeman, Commentary
In response to Google I/O announcements, BlackBerry criticizes Android's lack of security. On point, or sour grapes?
By Eric Zeman, 6/28/2014
DARPA Robotics Challenge Gets Tougher
Patience Wait, Commentary
Robots competing in DARPA's disaster relief test must show some autonomy, will face surprise challenge.
By Patience Wait, 6/27/2014
Security Insights
RIM's Biggest Network Disruption Over: Now What?
Service disruption becoming all too familiar outcome for BlackBerry users
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2227
Published: 2014-07-25
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.

CVE-2014-5027
Published: 2014-07-25
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.

CVE-2014-5100
Published: 2014-07-25
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_...

CVE-2014-5101
Published: 2014-07-25
Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authn...

CVE-2014-5102
Published: 2014-07-25
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items.

Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.