Mobile
News & Commentary
Killing Passwords: Don’t Get A-Twitter Over ‘Digits’
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Twitter’s new service that eliminates passwords for authentication actually makes your mobile device less secure.
By Dave Kearns Analyst, Kuppinger-Cole, 11/19/2014
Comment5 comments  |  Read  |  Post a Comment
‘Walk & Stalk’: A New Twist In Cyberstalking
Ken Munro,  Partner & Founder, Pen Test Partners LLPCommentary
How hackers can turn Wifi signals from smartphones and tablets into a homing beacon that captures users' online credentials and follows them, undetected, throughout the course of the day.
By Ken Munro Partner & Founder, Pen Test Partners LLP, 11/11/2014
Comment4 comments  |  Read  |  Post a Comment
WireLurker: A New Age In Mac OSX, iOS Malware
Sara Peters, Senior Editor at Dark ReadingNews
WireLurker authors are likely independent individuals based in China who are Mac development experts and cybercrime amateurs.
By Sara Peters Senior Editor at Dark Reading, 11/6/2014
Comment1 Comment  |  Read  |  Post a Comment
New Malware Targets iOS, OS X
Eric Zeman, News
WireLurker infects iPhones and iPads via USB cable when attached to Macs.
By Eric Zeman , 11/6/2014
Comment4 comments  |  Read  |  Post a Comment
iOS 8 Vs. Android: How Secure Is Your Data?
Adam Ely, COO, BlueboxCommentary
With iOS 8, the lines between iOS and Android are blurring. No longer is iOS the heavily fortified environment and Android the wide-open one.
By Adam Ely COO, Bluebox, 11/5/2014
Comment4 comments  |  Read  |  Post a Comment
'Blur' Protects Against Online Tracking
Kristin Burnham, Senior Editor, InformationWeek.comNews
New tool blocks companies from tracking you online, lets you mask sensitive information such as email, phone number, and credit card information.
By Kristin Burnham Senior Editor, InformationWeek.com, 11/4/2014
Comment7 comments  |  Read  |  Post a Comment
4 Essentials For Mobile Device VPNs
Patrick Oliver Graf, GM, Americas, NCP EngineeringCommentary
VPNs for smartphones and tablets have different requirements than laptops. Here’s what you need to know.
By Patrick Oliver Graf GM, Americas, NCP Engineering, 10/31/2014
Comment10 comments  |  Read  |  Post a Comment
Verizon Wireless Embroiled In Tracking Controversy
Kristin Burnham, Senior Editor, InformationWeek.comNews
Verizon Wireless is in hot water with security and privacy advocates regarding unique identifier headers that function as what one EFF expert calls "perma-cookies."
By Kristin Burnham Senior Editor, InformationWeek.com, 10/29/2014
Comment13 comments  |  Read  |  Post a Comment
Samsung Knox Is Weak, Researcher Says
Thomas Claburn, Editor-at-LargeNews
Samsung's Knox security software for Android devices handles passwords in a way that undermines encryption, an anonymous researcher says.
By Thomas Claburn Editor-at-Large, 10/24/2014
Comment7 comments  |  Read  |  Post a Comment
3 Enterprise Security Tenets To Take Personally
David Fowler, VP Marketing, INetUCommentary
Individuals need to become conscious advocates for their own security -- after all, no one cares about your data like you do.
By David Fowler VP Marketing, INetU, 10/24/2014
Comment4 comments  |  Read  |  Post a Comment
The Internet of Things: 7 Scary Security Scenarios
Marilyn Cohodas, Community Editor, Dark Reading
The IoT can be frightening when viewed from the vantage point of information security.
By Marilyn Cohodas Community Editor, Dark Reading, 10/16/2014
Comment9 comments  |  Read  |  Post a Comment
Tokenization: 6 Reasons The Card Industry Should Be Wary
Pat Carroll, Executive Chairman & Founder, ValidSoftCommentary
VISA’s new token service aims to provide consumers a simple, fraud-free digital payment experience. It’s a worthy goal, but one that may prove to be more aspirational than functional.
By Pat Carroll Executive Chairman & Founder, ValidSoft, 10/7/2014
Comment4 comments  |  Read  |  Post a Comment
Marriott Pays $600,000 For Jamming WiFi Hotspots
Thomas Claburn, Editor-at-LargeNews
Marriott International has agreed to settle an FCC complaint regarding blockage of guests' WiFi hotspots.
By Thomas Claburn Editor-at-Large, 10/4/2014
Comment3 comments  |  Read  |  Post a Comment
Cellphones OK For EU Airlines
Thomas Claburn, Editor-at-LargeNews
European regulators allow voice calls throughout flights.
By Thomas Claburn Editor-at-Large, 9/29/2014
Comment7 comments  |  Read  |  Post a Comment
iOS In-App Browsing Poses Security Risk
Thomas Claburn, Editor-at-LargeNews
iOS developer warns that browser windows invoked within third-party apps allow information theft.
By Thomas Claburn Editor-at-Large, 9/26/2014
Comment1 Comment  |  Read  |  Post a Comment
Mobile-Only Employee Trend Could Break Security Models
Ericka Chickowski, Contributing Writer, Dark ReadingNews
One-third of employees exclusively use mobile devices for work, but security organizations still aren't shifting their risk management focus.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/22/2014
Comment10 comments  |  Read  |  Post a Comment
Google Plans To Encrypt Android Data By Default
Thomas Claburn, Editor-at-LargeNews
After Apple CEO Tim Cook talks up iOS8 data security, Google says the next version of Android will shield data on devices more effectively.
By Thomas Claburn Editor-at-Large, 9/20/2014
Comment18 comments  |  Read  |  Post a Comment
Mobile Device Security Isn't All About Devices
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Roberto Medrano, executive vice president of SOA Software, explains why securing mobile applications and APIs is so essential.
By Sara Peters Senior Editor at Dark Reading, 9/19/2014
Comment2 comments  |  Read  |  Post a Comment
Apple CEO: We Don't Covet Your Data
Thomas Claburn, Editor-at-LargeNews
Apple CEO Tim Cook highlights the company's commitment to privacy in an open letter.
By Thomas Claburn Editor-at-Large, 9/18/2014
Comment13 comments  |  Read  |  Post a Comment
Facebook Explains iOS 8 App Privacy Changes
Kristin Burnham, Senior Editor, InformationWeek.comNews
Despite tweaks to a privacy setting in iOS 8, Facebook says it's not tracking you any more than it already has been.
By Kristin Burnham Senior Editor, InformationWeek.com, 9/18/2014
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7830
Published: 2014-11-24
Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse cap...

CVE-2014-7831
Published: 2014-11-24
lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades web service.

CVE-2014-7832
Published: 2014-11-24
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by vi...

CVE-2014-7833
Published: 2014-11-24
mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher.

CVE-2014-7834
Published: 2014-11-24
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?