Mobile
News & Commentary
Mobile App Development: 5 Worst Security Dangers
Charlie Fairchild, Senior Android Developer, WillowTree AppsCommentary
Address these areas when building apps -- or brace yourself for a PR and liability nightmare should an attacker find and exploit a flaw.
By Charlie Fairchild Senior Android Developer, WillowTree Apps, 4/18/2014
Comment0 comments  |  Read  |  Post a Comment
License Plate Recognition Technology Branches Out
Richard W. Walker, Commentary
Law enforcement officials see new security and surveillance uses for license plate recognition technology.
By Richard W. Walker , 4/17/2014
Comment1 Comment  |  Read  |  Post a Comment
Smartphone Kill Switches Coming, But Critics Cry Foul
Thomas Claburn, Editor-at-LargeCommentary
Smartphone makers and carriers agree to add optional kill switches to smartphones, but law enforcement officials say the anti-theft effort doesn't go far enough.
By Thomas Claburn Editor-at-Large, 4/16/2014
Comment18 comments  |  Read  |  Post a Comment
Mobility: Who Bears The Brunt Of Data Security & Privacy
Grayson Milbourne, Director, Security Intelligence, WebrootCommentary
OS manufacturers, app developers, and consumers all have a role to play in smartphone data security. But not everyone is equally responsible.
By Grayson Milbourne Director, Security Intelligence, Webroot, 4/16/2014
Comment3 comments  |  Read  |  Post a Comment
What Is The FIDO Alliance?
Dark Reading, CommentaryVideo
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
By Dark Reading , 4/2/2014
Comment0 comments  |  Read  |  Post a Comment
Bit Errors & the Internet of Things
Jaeson Schultz, Threat Research Engineer, Cisco TRAC TeamCommentary
Internet traffic, misdirected to malicious bitsquatted domains, has plagued computer security for years. The consequences will be even worse for the IoT.
By Jaeson Schultz Threat Research Engineer, Cisco TRAC Team, 3/31/2014
Comment7 comments  |  Read  |  Post a Comment
Android Apps Hide Crypto-Currency Mining Malware
Mathew J. Schwartz, News
Apps downloaded by millions from Google Play and Spanish software forums include hidden altcoin-mining software. But criminals aren't getting rich quickly.
By Mathew J. Schwartz , 3/27/2014
Comment1 Comment  |  Read  |  Post a Comment
A Cyber History Of The Ukraine Conflict
John Bumgarner, Chief Technology Officer for the U.S. Cyber Consequences UnitCommentary
The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned.
By John Bumgarner Chief Technology Officer for the U.S. Cyber Consequences Unit, 3/27/2014
Comment5 comments  |  Read  |  Post a Comment
Finally, Plug & Play Authentication!
Phil Dunkelberger, President & CEO, Nok Nok LabsCommentaryVideo
FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
By Phil Dunkelberger President & CEO, Nok Nok Labs, 3/26/2014
Comment1 Comment  |  Read  |  Post a Comment
Luck O' The Irish: Caption Contest Winners Announced
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
A lot of blarney tinged with geek. And the winning caption is...
By Marilyn Cohodas Community Editor, Dark Reading, 3/20/2014
Comment4 comments  |  Read  |  Post a Comment
Attackers Hit Clearinghouse Selling Stolen Target Data
Mathew J. Schwartz, News
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.
By Mathew J. Schwartz , 3/18/2014
Comment4 comments  |  Read  |  Post a Comment
Voice, Proximity Key To Cutting
E-Payment Fraud
Pat Carroll, Executive Chairman & Founder, ValidSoftCommentary
While we wait for EMV, US companies should lay the groundwork for strong security.
By Pat Carroll Executive Chairman & Founder, ValidSoft, 3/18/2014
Comment2 comments  |  Read  |  Post a Comment
7 Behaviors That Could Indicate A Security Breach
Becca Lipman, News
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
By Becca Lipman , 3/14/2014
Comment1 Comment  |  Read  |  Post a Comment
Samsung Galaxy Security Alert: Android Backdoor Discovered
Mathew J. Schwartz, News
Samsung's flavor of Android has a backdoor that can be remotely exploited by attackers, Android developers warn.
By Mathew J. Schwartz , 3/13/2014
Comment1 Comment  |  Read  |  Post a Comment
The Case For Browser-Based Access Controls
Garret Grajek, CTO & COO, SecureAuthCommentary
Is "browser-ized" security a better defense against hackers than traditional methods? Check out these two examples.
By Garret Grajek CTO & COO, SecureAuth, 3/7/2014
Comment2 comments  |  Read  |  Post a Comment
Apple iOS Vulnerable To Hidden Profile Attacks
Mathew J. Schwartz, News
Unpatched flaw in iOS enables malicious profile users to secretly control devices and intercept data.
By Mathew J. Schwartz , 3/6/2014
Comment0 comments  |  Read  |  Post a Comment
FreedomPop Debuts Encrypted Snowden Phone
Eric Zeman, News
Prepaid phone carrier promises secure messaging, anonymous browsing to security-minded customers.
By Eric Zeman , 3/5/2014
Comment3 comments  |  Read  |  Post a Comment
Cryptocat Wins Apple Approval
Thomas Claburn, Editor-at-LargeNews
NSA surveillance and other worldwide events drive interest in secure messaging, and iOS users now have a new option.
By Thomas Claburn Editor-at-Large, 3/5/2014
Comment1 Comment  |  Read  |  Post a Comment
Name That Cartoon: Luck O' The Irish
John Klossner, CartoonistCommentary
We provide the cartoon. You write the caption. Maybe you'll win a prize.
By John Klossner Cartoonist, 3/3/2014
Comment101 comments  |  Read  |  Post a Comment
Boeing Unveils Self-Destructing Smartphone
Elena Malykhina, Technology JournalistQuick Hits
Rugged and super-secure Boeing Black smartphone targets government agencies involved with defense and homeland security
By Elena Malykhina Technology Journalist, 2/28/2014
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
RIM's Biggest Network Disruption Over: Now What?
RIM's Biggest Network Disruption Over: Now What?
Service disruption becoming all too familiar outcome for BlackBerry users
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-3154
Published: 2014-04-17
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file conte...

CVE-2013-2143
Published: 2014-04-17
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

CVE-2014-0036
Published: 2014-04-17
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.

CVE-2014-0054
Published: 2014-04-17
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External ...

CVE-2014-0071
Published: 2014-04-17
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

Best of the Web