Mobile
News & Commentary
Killing Passwords: Don’t Get A-Twitter Over ‘Digits’
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Twitter’s new service that eliminates passwords for authentication actually makes your mobile device less secure.
By Dave Kearns Analyst, Kuppinger-Cole, 11/19/2014
Comment5 comments  |  Read  |  Post a Comment
‘Walk & Stalk’: A New Twist In Cyberstalking
Ken Munro,  Partner & Founder, Pen Test Partners LLPCommentary
How hackers can turn Wifi signals from smartphones and tablets into a homing beacon that captures users' online credentials and follows them, undetected, throughout the course of the day.
By Ken Munro Partner & Founder, Pen Test Partners LLP, 11/11/2014
Comment4 comments  |  Read  |  Post a Comment
WireLurker: A New Age In Mac OSX, iOS Malware
Sara Peters, Senior Editor at Dark ReadingNews
WireLurker authors are likely independent individuals based in China who are Mac development experts and cybercrime amateurs.
By Sara Peters Senior Editor at Dark Reading, 11/6/2014
Comment1 Comment  |  Read  |  Post a Comment
New Malware Targets iOS, OS X
Eric Zeman, News
WireLurker infects iPhones and iPads via USB cable when attached to Macs.
By Eric Zeman , 11/6/2014
Comment4 comments  |  Read  |  Post a Comment
iOS 8 Vs. Android: How Secure Is Your Data?
Adam Ely, COO, BlueboxCommentary
With iOS 8, the lines between iOS and Android are blurring. No longer is iOS the heavily fortified environment and Android the wide-open one.
By Adam Ely COO, Bluebox, 11/5/2014
Comment4 comments  |  Read  |  Post a Comment
'Blur' Protects Against Online Tracking
Kristin Burnham, Senior Editor, InformationWeek.comNews
New tool blocks companies from tracking you online, lets you mask sensitive information such as email, phone number, and credit card information.
By Kristin Burnham Senior Editor, InformationWeek.com, 11/4/2014
Comment7 comments  |  Read  |  Post a Comment
4 Essentials For Mobile Device VPNs
Patrick Oliver Graf, GM, Americas, NCP EngineeringCommentary
VPNs for smartphones and tablets have different requirements than laptops. Here’s what you need to know.
By Patrick Oliver Graf GM, Americas, NCP Engineering, 10/31/2014
Comment10 comments  |  Read  |  Post a Comment
Verizon Wireless Embroiled In Tracking Controversy
Kristin Burnham, Senior Editor, InformationWeek.comNews
Verizon Wireless is in hot water with security and privacy advocates regarding unique identifier headers that function as what one EFF expert calls "perma-cookies."
By Kristin Burnham Senior Editor, InformationWeek.com, 10/29/2014
Comment13 comments  |  Read  |  Post a Comment
Samsung Knox Is Weak, Researcher Says
Thomas Claburn, Editor-at-LargeNews
Samsung's Knox security software for Android devices handles passwords in a way that undermines encryption, an anonymous researcher says.
By Thomas Claburn Editor-at-Large, 10/24/2014
Comment7 comments  |  Read  |  Post a Comment
3 Enterprise Security Tenets To Take Personally
David Fowler, VP Marketing, INetUCommentary
Individuals need to become conscious advocates for their own security -- after all, no one cares about your data like you do.
By David Fowler VP Marketing, INetU, 10/24/2014
Comment4 comments  |  Read  |  Post a Comment
The Internet of Things: 7 Scary Security Scenarios
Marilyn Cohodas, Community Editor, Dark Reading
The IoT can be frightening when viewed from the vantage point of information security.
By Marilyn Cohodas Community Editor, Dark Reading, 10/16/2014
Comment9 comments  |  Read  |  Post a Comment
Tokenization: 6 Reasons The Card Industry Should Be Wary
Pat Carroll, Executive Chairman & Founder, ValidSoftCommentary
VISA’s new token service aims to provide consumers a simple, fraud-free digital payment experience. It’s a worthy goal, but one that may prove to be more aspirational than functional.
By Pat Carroll Executive Chairman & Founder, ValidSoft, 10/7/2014
Comment4 comments  |  Read  |  Post a Comment
Marriott Pays $600,000 For Jamming WiFi Hotspots
Thomas Claburn, Editor-at-LargeNews
Marriott International has agreed to settle an FCC complaint regarding blockage of guests' WiFi hotspots.
By Thomas Claburn Editor-at-Large, 10/4/2014
Comment3 comments  |  Read  |  Post a Comment
Cellphones OK For EU Airlines
Thomas Claburn, Editor-at-LargeNews
European regulators allow voice calls throughout flights.
By Thomas Claburn Editor-at-Large, 9/29/2014
Comment7 comments  |  Read  |  Post a Comment
iOS In-App Browsing Poses Security Risk
Thomas Claburn, Editor-at-LargeNews
iOS developer warns that browser windows invoked within third-party apps allow information theft.
By Thomas Claburn Editor-at-Large, 9/26/2014
Comment1 Comment  |  Read  |  Post a Comment
Mobile-Only Employee Trend Could Break Security Models
Ericka Chickowski, Contributing Writer, Dark ReadingNews
One-third of employees exclusively use mobile devices for work, but security organizations still aren't shifting their risk management focus.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/22/2014
Comment10 comments  |  Read  |  Post a Comment
Google Plans To Encrypt Android Data By Default
Thomas Claburn, Editor-at-LargeNews
After Apple CEO Tim Cook talks up iOS8 data security, Google says the next version of Android will shield data on devices more effectively.
By Thomas Claburn Editor-at-Large, 9/20/2014
Comment18 comments  |  Read  |  Post a Comment
Mobile Device Security Isn't All About Devices
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Roberto Medrano, executive vice president of SOA Software, explains why securing mobile applications and APIs is so essential.
By Sara Peters Senior Editor at Dark Reading, 9/19/2014
Comment2 comments  |  Read  |  Post a Comment
Apple CEO: We Don't Covet Your Data
Thomas Claburn, Editor-at-LargeNews
Apple CEO Tim Cook highlights the company's commitment to privacy in an open letter.
By Thomas Claburn Editor-at-Large, 9/18/2014
Comment13 comments  |  Read  |  Post a Comment
Facebook Explains iOS 8 App Privacy Changes
Kristin Burnham, Senior Editor, InformationWeek.comNews
Despite tweaks to a privacy setting in iOS 8, Facebook says it's not tracking you any more than it already has been.
By Kristin Burnham Senior Editor, InformationWeek.com, 9/18/2014
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4807
Published: 2014-11-22
Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.

CVE-2014-6183
Published: 2014-11-22
IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVE-2014-5395
Published: 2014-11-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users ...

CVE-2014-7137
Published: 2014-11-21
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4...

CVE-2014-7871
Published: 2014-11-21
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?