Mobile
News & Commentary
Why John McAfee Is Paranoid About Mobile
Peter Zavlaris, Analyst, RiskIQCommentary
Mobile apps are posing expanding risks to both enterprises and their customers. But maybe being paranoid about mobile is actually healthy for security.
By Peter Zavlaris Analyst, RiskIQ, 8/19/2014
Comment5 comments  |  Read  |  Post a Comment
California Nears Smartphone Kill Switch
Eric Zeman, Commentary
Law would force phone makers to add remote kill switches; Apple, Google, and Microsoft have already agreed to implement them.
By Eric Zeman , 8/12/2014
Comment13 comments  |  Read  |  Post a Comment
Facebook Malware: Protect Your Profile
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Malicious "Color Change" app has resurfaced on Facebook, compromising thousands of profiles. Here's what to do if you're infected.
By Kristin Burnham Senior Editor, InformationWeek.com, 8/8/2014
Comment12 comments  |  Read  |  Post a Comment
The Hyperconnected World Has Arrived
Michael Sutton, VP Security Research, ZscalerCommentary
Yes, the ever-expanding attack surface of the Internet of Things is overwhelming. But next-gen security leaders gathered at Black Hat are up to the challenge.
By Michael Sutton VP Security Research, Zscaler, 8/8/2014
Comment6 comments  |  Read  |  Post a Comment
Chinese Government Rejects Apple's iPad
Thomas Claburn, Editor-at-LargeCommentary
Ten Apple products have been removed from a list of products that can be bought with Chinese government funds.
By Thomas Claburn Editor-at-Large, 8/6/2014
Comment11 comments  |  Read  |  Post a Comment
A Peek Inside The Black Hat Show Network
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Black Hat USA's wireless network offers authenticated, secure access as well as 'open' access.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/5/2014
Comment0 comments  |  Read  |  Post a Comment
LIVE From Las Vegas: Dark Reading Radio at Black Hat
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
If you can't physically be at Black Hat USA 2014, Dark Reading offers a virtual alternative where you can engage with presenters and attendees about hot show topics and trends.
By Marilyn Cohodas Community Editor, Dark Reading, 8/1/2014
Comment2 comments  |  Read  |  Post a Comment
New Mobile Phone '0wnage' Threat Discovered
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Widespread major vulnerabilities discovered in client control software that affect nearly all smartphone platforms: Details to come at Black Hat USA next week.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/31/2014
Comment6 comments  |  Read  |  Post a Comment
Hilton Turns Smartphones Into Room Keys
Thomas Claburn, Editor-at-LargeCommentary
Hilton hotel chain plans to let smartphones unlock guest rooms starting next year.
By Thomas Claburn Editor-at-Large, 7/29/2014
Comment14 comments  |  Read  |  Post a Comment
Internet of Things: 4 Security Tips From The Military
Michael K. Daly, CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & ServicesCommentary
The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. It’s time to take a page from their battle plan.
By Michael K. Daly CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services, 7/25/2014
Comment13 comments  |  Read  |  Post a Comment
Apple Documents Undisclosed iOS Services
Thomas Claburn, Editor-at-LargeCommentary
Apple describes services as "diagnostic," but does not address criticism that backdoors undermine security and privacy.
By Thomas Claburn Editor-at-Large, 7/23/2014
Comment0 comments  |  Read  |  Post a Comment
Wearables In Healthcare: Privacy Rules Needed
Alison Diana, Senior EditorCommentary
Johns Hopkins patient privacy violation didn't involve Google Glass or wearables but indicates why the healthcare industry must head off trouble with wearables in clinical settings.
By Alison Diana Senior Editor, 7/23/2014
Comment4 comments  |  Read  |  Post a Comment
Infographic: With BYOD, Mobile Is The New Desktop
Adam Ely, COO, BlueboxCommentary
Security teams have no choice but to embrace the rapid proliferation of BYO devices, apps, and cloud services. To ignore it is to put your head in the sand.
By Adam Ely COO, Bluebox, 7/22/2014
Comment8 comments  |  Read  |  Post a Comment
Hidden iOS Services Bypass Security
Thomas Claburn, Editor-at-LargeCommentary
A computer researcher asks why Apple allows undocumented services to bypass encryption and access user data.
By Thomas Claburn Editor-at-Large, 7/21/2014
Comment13 comments  |  Read  |  Post a Comment
Tapping Into A Homemade Android Army
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Black Hat speaker will detail how security researchers can expedite their work across numerous Android devices at once.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/15/2014
Comment2 comments  |  Read  |  Post a Comment
Dark Reading Radio: Where Do Security Startups Come From?
Tim Wilson, Editor in Chief, Dark ReadingCommentary
This week's radio broadcast will discuss how hot new security companies are born and how they are funded. Showtime is 1:00 p.m. ET.
By Tim Wilson Editor in Chief, Dark Reading, 7/15/2014
Comment2 comments  |  Read  |  Post a Comment
China Labels iPhone A Security Threat
Eric Zeman, Commentary
State media says the iPhone's ability to collect user location data is dangerous.
By Eric Zeman , 7/11/2014
Comment6 comments  |  Read  |  Post a Comment
Silent Circle Challenges Skype, Telecoms With Encrypted Calling
Thomas Claburn, Editor-at-LargeCommentary
Blackphone maker's affordable encrypted calls could appeal to security-conscious businesses.
By Thomas Claburn Editor-at-Large, 7/11/2014
Comment1 Comment  |  Read  |  Post a Comment
Cloud & The Fuzzy Math of Shadow IT
Krishna Narayanaswamy, Founder & Chief Scientist, NetskopeCommentary
Do you know how many cloud apps, on average, are running in your organization? The number is probably greater than you think.
By Krishna Narayanaswamy Founder & Chief Scientist, Netskope, 7/10/2014
Comment14 comments  |  Read  |  Post a Comment
'Windows To Go' Device Wins Federal Cryptographic Certification
David F Carr, Editor, InformationWeek HealthcareCommentary
With FIPS 140-2 Level 3 certification, the Imation IronKey portable USB-based workspace becomes a mobility option for both civilian and military agencies.
By David F Carr Editor, InformationWeek Healthcare, 7/10/2014
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
RIM's Biggest Network Disruption Over: Now What?
RIM's Biggest Network Disruption Over: Now What?
Service disruption becoming all too familiar outcome for BlackBerry users
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Register for Dark Reading Newsletters
White Papers
Current Issue
Cartoon
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3341
Published: 2014-08-19
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.

CVE-2014-3464
Published: 2014-08-19
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers ...

CVE-2014-3472
Published: 2014-08-19
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

CVE-2014-3490
Published: 2014-08-19
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have...

CVE-2014-3504
Published: 2014-08-19
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Dark Reading continuing coverage of the Black Hat 2014 conference brings interviews and commentary to Dark Reading listeners.