Perimeter
News & Commentary
How To Build Battle-Tested Websites
Joe Masters Emison, CTO, BuildFaxCommentary
It doesn't matter whether your e-commerce D-Day is Black Friday, tax day, or some random Thursday when a post goes viral. Your websites need to be ready.
By Joe Masters Emison CTO, BuildFax, 9/17/2014
Comment0 comments  |  Read  |  Post a Comment
5 Myths: Why We Are All Data Security Risks
Lance Cottrell, Chief Scientist, NtrepidCommentary
I am absolutely sure that I could be tricked by a well-crafted spear phishing attack, and I am equally sure I could do the same to you.
By Lance Cottrell Chief Scientist, Ntrepid, 9/15/2014
Comment12 comments  |  Read  |  Post a Comment
Apple Pay: A Necessary Push To Transform Consumer Payments
Lucas Zaichkowsky, Enterprise Defense Architect, AccessDataCommentary
Apple Pay is a strategic move that will rival PayPal and other contenders in the mobile wallet marketplace. The big question is whether consumers and businesses are ready to ditch the plastic.
By Lucas Zaichkowsky Enterprise Defense Architect, AccessData, 9/11/2014
Comment16 comments  |  Read  |  Post a Comment
Privacy, Security & The Geography Of Data Protection
Malte Pollmann, CEO, UtimacoCommentary
Data generation is global, so why do different parts of the world react differently to the same threat of security breaches and backdoors?
By Malte Pollmann CEO, Utimaco, 9/11/2014
Comment6 comments  |  Read  |  Post a Comment
Mobile, Cloud, Partners: Where’s The Weak Link?
Dark Reading,
Your perimeter now incorporates mobile devices, cloud services, and partner networks, so it should be clear that the “moat” method no longer cuts it.
By Dark Reading , 9/9/2014
Comment1 Comment  |  Read  |  Post a Comment
In Cloud We Trust: A New Model
Evelyn De Souza & Richard Noguera, Cloud Security Alliance Data Governance Chair & Cloud Compliance & Data Privacy Strategy Leader, CiscoCommentary
The solution to the problem of data security in the public cloud will require more than a traditional compliance-driven approach.
By Evelyn De Souza & Richard Noguera Cloud Security Alliance Data Governance Chair & Cloud Compliance & Data Privacy Strategy Leader, Cisco, 9/4/2014
Comment11 comments  |  Read  |  Post a Comment
Top 5 Reasons Your Small Business Website is Under Attack
Chris Weltzien, CEO, 6Scan Commentary
There is no such thing as “too small to hack.” If a business has a website, hackers can exploit it.
By Chris Weltzien CEO, 6Scan , 8/26/2014
Comment29 comments  |  Read  |  Post a Comment
Why John McAfee Is Paranoid About Mobile
Peter Zavlaris, Analyst, RiskIQCommentary
Mobile apps are posing expanding risks to both enterprises and their customers. But maybe being paranoid about mobile is actually healthy for security.
By Peter Zavlaris Analyst, RiskIQ, 8/19/2014
Comment13 comments  |  Read  |  Post a Comment
6 Biometric Factors That Are Working Today
Marilyn Cohodas, Community Editor, Dark Reading
From fingerprints to wearable ECG monitors, there are real options in the market that may relegate the despised password to the dustbin of history.
By Marilyn Cohodas Community Editor, Dark Reading, 8/12/2014
Comment23 comments  |  Read  |  Post a Comment
Dark Reading Plans Special Coverage Of Black Hat USA 2014
Tim Wilson, Editor in Chief, Dark ReadingCommentary
Radio shows, daily newsletter, and panel sessions highlight Dark Reading's comprehensive coverage of the Black Hat conference.
By Tim Wilson Editor in Chief, Dark Reading, 8/4/2014
Comment0 comments  |  Read  |  Post a Comment
LIVE From Las Vegas: Dark Reading Radio at Black Hat
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
If you can't physically be at Black Hat USA 2014, Dark Reading offers a virtual alternative where you can engage with presenters and attendees about hot show topics and trends.
By Marilyn Cohodas Community Editor, Dark Reading, 8/1/2014
Comment2 comments  |  Read  |  Post a Comment
Dark Reading Radio: Data Loss Prevention (DLP) Fail
Kelly Jackson Higgins, Executive Editor at Dark ReadingCommentary
Learn about newly found vulnerabilities in commercial and open-source DLP software in our latest episode of Dark Reading Radio with security researchers Zach Lanier and Kelly Lum.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/29/2014
Comment8 comments  |  Read  |  Post a Comment
Internet of Things: 4 Security Tips From The Military
Michael K. Daly, CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & ServicesCommentary
The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. It’s time to take a page from their battle plan.
By Michael K. Daly CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services, 7/25/2014
Comment13 comments  |  Read  |  Post a Comment
Infographic: With BYOD, Mobile Is The New Desktop
Adam Ely, COO, BlueboxCommentary
Security teams have no choice but to embrace the rapid proliferation of BYO devices, apps, and cloud services. To ignore it is to put your head in the sand.
By Adam Ely COO, Bluebox, 7/22/2014
Comment8 comments  |  Read  |  Post a Comment
Internet of Things: Security For A World Of Ubiquitous Computing
Candace Worley, SVP & GM, Endpoint Security, McAfeeCommentary
Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.
By Candace Worley SVP & GM, Endpoint Security, McAfee, 7/21/2014
Comment5 comments  |  Read  |  Post a Comment
Why A Secured Network Is Like The Human Body
Dan Ross, CEO & President, PromisecCommentary
It’s time to throw away the analogies about building fortresses and perimeter defenses and start to approach InfoSec with the same standard of care we use for public health.
By Dan Ross CEO & President, Promisec, 6/26/2014
Comment11 comments  |  Read  |  Post a Comment
Content Widget Maker Taboola Is Hacked On Reuters
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Syrian Electronic Army targets widget used by many publishers to surface content that the reader might like.
By Tim Wilson Editor in Chief, Dark Reading, 6/24/2014
Comment1 Comment  |  Read  |  Post a Comment
Experts: CrowdStrike China Hacker Report Raises Red Flags For Business
Tim Wilson, Editor in Chief, Dark ReadingNews
The second report on China’s hacking teams supports Department of Justice's accusations, offers insight on Chinese attackers.
By Tim Wilson Editor in Chief, Dark Reading, 6/11/2014
Comment1 Comment  |  Read  |  Post a Comment
If HTML5 Is The Future, What Happens To Access Control?
Garret Grajek, CTO & COO, SecureAuthCommentary
The solution for multi-device deployment is HTML5. The challenge, for the enterprise, is deploying it correctly. Here are seven tools you will need.
By Garret Grajek CTO & COO, SecureAuth, 6/5/2014
Comment1 Comment  |  Read  |  Post a Comment
How The Math Of Biometric Authentication Adds Up
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Yes, it's true that if your authentication scheme only allows a single fingerprint you only have 10 choices. But there's no rule that says it has to be one, and only one.
By Dave Kearns Analyst, Kuppinger-Cole, 6/2/2014
Comment12 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Back To Basics
Back To Basics
By failing to execute on basic security, we’re making the attacker's job too easy.
Comment2 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2886
Published: 2014-09-18
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during ins...

CVE-2014-4352
Published: 2014-09-18
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

CVE-2014-4353
Published: 2014-09-18
Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.

CVE-2014-4354
Published: 2014-09-18
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.

CVE-2014-4356
Published: 2014-09-18
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.

Best of the Web
Dark Reading Radio