Mobile
News & Commentary
License Plate Recognition Technology Branches Out
Richard W. Walker, Commentary
Law enforcement officials see new security and surveillance uses for license plate recognition technology.
By Richard W. Walker , 4/17/2014
Comment1 Comment  |  Read  |  Post a Comment
Smartphone Kill Switches Coming, But Critics Cry Foul
Thomas Claburn, Editor-at-LargeCommentary
Smartphone makers and carriers agree to add optional kill switches to smartphones, but law enforcement officials say the anti-theft effort doesn't go far enough.
By Thomas Claburn Editor-at-Large, 4/16/2014
Comment18 comments  |  Read  |  Post a Comment
Mobility: Who Bears The Brunt Of Data Security & Privacy
Grayson Milbourne, Director, Security Intelligence, WebrootCommentary
OS manufacturers, app developers, and consumers all have a role to play in smartphone data security. But not everyone is equally responsible.
By Grayson Milbourne Director, Security Intelligence, Webroot, 4/16/2014
Comment3 comments  |  Read  |  Post a Comment
What Is The FIDO Alliance?
Dark Reading, CommentaryVideo
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
By Dark Reading , 4/2/2014
Comment0 comments  |  Read  |  Post a Comment
Bit Errors & the Internet of Things
Jaeson Schultz, Threat Research Engineer, Cisco TRAC TeamCommentary
Internet traffic, misdirected to malicious bitsquatted domains, has plagued computer security for years. The consequences will be even worse for the IoT.
By Jaeson Schultz Threat Research Engineer, Cisco TRAC Team, 3/31/2014
Comment7 comments  |  Read  |  Post a Comment
Android Apps Hide Crypto-Currency Mining Malware
Mathew J. Schwartz, News
Apps downloaded by millions from Google Play and Spanish software forums include hidden altcoin-mining software. But criminals aren't getting rich quickly.
By Mathew J. Schwartz , 3/27/2014
Comment1 Comment  |  Read  |  Post a Comment
A Cyber History Of The Ukraine Conflict
John Bumgarner, Chief Technology Officer for the U.S. Cyber Consequences UnitCommentary
The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned.
By John Bumgarner Chief Technology Officer for the U.S. Cyber Consequences Unit, 3/27/2014
Comment5 comments  |  Read  |  Post a Comment
Finally, Plug & Play Authentication!
Phil Dunkelberger, President & CEO, Nok Nok LabsCommentaryVideo
FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
By Phil Dunkelberger President & CEO, Nok Nok Labs, 3/26/2014
Comment1 Comment  |  Read  |  Post a Comment
Luck O' The Irish: Caption Contest Winners Announced
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
A lot of blarney tinged with geek. And the winning caption is...
By Marilyn Cohodas Community Editor, Dark Reading, 3/20/2014
Comment4 comments  |  Read  |  Post a Comment
Attackers Hit Clearinghouse Selling Stolen Target Data
Mathew J. Schwartz, News
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.
By Mathew J. Schwartz , 3/18/2014
Comment4 comments  |  Read  |  Post a Comment
Voice, Proximity Key To Cutting
E-Payment Fraud
Pat Carroll, Executive Chairman & Founder, ValidSoftCommentary
While we wait for EMV, US companies should lay the groundwork for strong security.
By Pat Carroll Executive Chairman & Founder, ValidSoft, 3/18/2014
Comment2 comments  |  Read  |  Post a Comment
7 Behaviors That Could Indicate A Security Breach
Becca Lipman, News
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
By Becca Lipman , 3/14/2014
Comment1 Comment  |  Read  |  Post a Comment
Samsung Galaxy Security Alert: Android Backdoor Discovered
Mathew J. Schwartz, News
Samsung's flavor of Android has a backdoor that can be remotely exploited by attackers, Android developers warn.
By Mathew J. Schwartz , 3/13/2014
Comment1 Comment  |  Read  |  Post a Comment
The Case For Browser-Based Access Controls
Garret Grajek, CTO & COO, SecureAuthCommentary
Is "browser-ized" security a better defense against hackers than traditional methods? Check out these two examples.
By Garret Grajek CTO & COO, SecureAuth, 3/7/2014
Comment2 comments  |  Read  |  Post a Comment
Apple iOS Vulnerable To Hidden Profile Attacks
Mathew J. Schwartz, News
Unpatched flaw in iOS enables malicious profile users to secretly control devices and intercept data.
By Mathew J. Schwartz , 3/6/2014
Comment0 comments  |  Read  |  Post a Comment
FreedomPop Debuts Encrypted Snowden Phone
Eric Zeman, News
Prepaid phone carrier promises secure messaging, anonymous browsing to security-minded customers.
By Eric Zeman , 3/5/2014
Comment3 comments  |  Read  |  Post a Comment
Cryptocat Wins Apple Approval
Thomas Claburn, Editor-at-LargeNews
NSA surveillance and other worldwide events drive interest in secure messaging, and iOS users now have a new option.
By Thomas Claburn Editor-at-Large, 3/5/2014
Comment1 Comment  |  Read  |  Post a Comment
Name That Cartoon: Luck O' The Irish
John Klossner, CartoonistCommentary
We provide the cartoon. You write the caption. Maybe you'll win a prize.
By John Klossner Cartoonist, 3/3/2014
Comment101 comments  |  Read  |  Post a Comment
Boeing Unveils Self-Destructing Smartphone
Elena Malykhina, Technology JournalistQuick Hits
Rugged and super-secure Boeing Black smartphone targets government agencies involved with defense and homeland security
By Elena Malykhina Technology Journalist, 2/28/2014
Comment0 comments  |  Read  |  Post a Comment
Apple SSL Vulnerability: 6 Facts
Mathew J. Schwartz, News
SSL vulnerability that's been patched in iOS -- but not yet for OS X -- lets attackers intercept email and FaceTime communications, plus push malicious software updates.
By Mathew J. Schwartz , 2/25/2014
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
RIM's Biggest Network Disruption Over: Now What?
RIM's Biggest Network Disruption Over: Now What?
Service disruption becoming all too familiar outcome for BlackBerry users
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If youíre still focused on securing endpoints, youíve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-0460
Published: 2014-04-16
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.

CVE-2011-0993
Published: 2014-04-16
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.

CVE-2011-3180
Published: 2014-04-16
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

CVE-2011-4089
Published: 2014-04-16
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

CVE-2011-4192
Published: 2014-04-16
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."

Best of the Web