Perimeter
News & Commentary
How A Little Obscurity Can Bolster Security
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies, Commentary
Most security professionals deride the idea of "security by obscurity." Is it time to re-evaluate the conventional wisdom?
By Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies, 4/17/2014
Mobility: Who Bears The Brunt Of Data Security & Privacy
Grayson Milbourne, Director, Security Intelligence, Webroot, Commentary
OS manufacturers, app developers, and consumers all have a role to play in smartphone data security. But not everyone is equally responsible.
By Grayson Milbourne, Director, Security Intelligence, Webroot, 4/16/2014
We Are the Perimeter
Malcolm Harkins, Vice President and Chief Security and Privacy Officer, Intel Corporation, Commentary
End users, not technology, define the boundaries of the enterprise. Security strategies must protect this new perimeter.
By Malcolm Harkins, Vice President and Chief Security and Privacy Officer, Intel Corporation, 4/7/2014
Nominum: 24 Million Home Routers Exposing ISPs to DDoS Attacks
Brian Prince, Contributing Writer, Dark Reading, News
Even Internet service providers that go to great lengths to protect their networks are vulnerable.
By Brian Prince, Contributing Writer, Dark Reading, 4/4/2014
MACH37 Funds Six New Security Startups
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
The cyberaccelerator MACH37 begins work with six emerging cybersecurity firms.
By Tim Wilson, Editor in Chief, Dark Reading, 3/27/2014
Is The Hypervisor Security's Goldilocks Zone?
Ericka Chickowski, Contributing Writer, Dark Reading, News
RSA presentation to put virtualization forward as a tool to fix security's architectural problems
By Ericka Chickowski, Contributing Writer, Dark Reading, 2/21/2014
Target Compromised Via Its HVAC Contractor's Network Credentials
Brian Prince, Contributing Writer, Dark Reading, News
Attackers compromised credentials for a third party and were off to the races -- leaving a key concept of network security in the dust
By Brian Prince, Contributing Writer, Dark Reading, 2/7/2014
Corero Unveils New Threat Defense System For Service Providers
Dark Reading, News
Corero SmartWall TDS family of network security appliances protects against DDoS attacks and cyberthreats
By Dark Reading, 2/3/2014
Slide Show: 20 Security Startups To Watch
Ericka Chickowski, Contributing Writer, Dark Reading
Cloud security, mobile security, advanced behavioral detection, and a few other surprises mark this latest crop of newcomers
By Ericka Chickowski, Contributing Writer, Dark Reading, 1/31/2014
Startup Confer Launches Cyberthreat Prevention Network
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
New company Confer takes on endpoint security problem with sensors that feed into threat intelligence network
By Tim Wilson, Editor in Chief, Dark Reading, 1/30/2014
The IPS Makeover
John H. Sawyer, Contributing Writer, Dark Reading, News
Next-gen intrusion-prevention systems have fuller visibility into applications and data. But do newer firewalls make IPS redundant?
By John H. Sawyer, Contributing Writer, Dark Reading, 1/28/2014
Machine Resiliency as a Defense
Tom Quillin, Director of Cyber Security Technology & Initiatives, Intel Corporation, Commentary
If you follow news on cyber security, you might be led to think PCs and endpoints have become increasingly vulnerable.
By Tom Quillin, Director of Cyber Security Technology & Initiatives, Intel Corporation, 1/21/2014
RSA Conference Controversy Swirls, Spurs Debate Over Boycotts
Brian Prince, Contributing Writer, Dark Reading, News
Talk of boycotts has circled the RSA conference, but what will the outcome of it all be?
By Brian Prince, Contributing Writer, Dark Reading, 1/14/2014
Knowing Your Cyber Enemy: New Services Open Up Possibilities, But Experts Differ On Techniques, Value
Tim Wilson, Editor in Chief, Dark Reading, News
As commercial capabilities for identifying online attackers improve, experts, service providers debate methods, costs
By Tim Wilson, Editor in Chief, Dark Reading, 1/13/2014
Researcher Uncovers Backdoor In DSL Routers
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
Flaw in DSL routers could give attackers full, unauthenticated administrative access, researcher says
By Tim Wilson, Editor in Chief, Dark Reading, 1/7/2014
Syrian Electronic Army Takes Credit For Skype Hack
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
Syrian hacktivist group says it cracked Microsoft's Skype site, stole damning data
By Tim Wilson, Editor in Chief, Dark Reading, 1/6/2014
Network Baseline Information Key To Detecting Anomalies
Ericka Chickowski, Contributing Writer, Dark Reading, News
Establishing 'normal' behaviors, traffic, and patterns across the network makes it easier to spot previously unknown bad behavior
By Ericka Chickowski, Contributing Writer, Dark Reading, 1/3/2014
Update Now! A Holiday Carol
Maxim Weinstein, Commentary
In the spirit of the holidays, a cautionary tale set to the tune of a classic Christmas song
By Maxim Weinstein, 12/20/2013
Target Confirms Massive Breach Affects 40 Million Customers
Tim Wilson, Editor in Chief, Dark Reading, News
Target says data breach issue 'has been resolved,' but customers are up in arms
By Tim Wilson, Editor in Chief, Dark Reading, 12/20/2013
Using NetFlow Data For More Robust Network Security
Ericka Chickowski, Contributing Writer, Dark Reading, News
NetFlow can prove a powerful tool for spotting dangerous traffic patterns
By Ericka Chickowski, Contributing Writer, Dark Reading, 12/19/2013
Security Insights
Preying On A Predator
Mac OS X Snow Leopard is perfectly positioned to be the next target for cybercriminals.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
