Operations
News & Commentary
Weak Password Advice From Microsoft
Andrey Dulkin, Senior Director, Cyber Innovation, CyberArkCommentary
Tempting as it may seem to do away with strong passwords for low-risk websites, password reuse is still a significant threat to both users and business.
By Andrey Dulkin Senior Director, Cyber Innovation, CyberArk, 7/28/2014
Comment1 Comment  |  Read  |  Post a Comment
How To Build A Federal Information Security Team
(ISC)2 Writers Bureau, Commentary
Federal security officers face many challenges building and maintaining an information security team. Here are some tips for putting together a group of employees that will protect your systems and data.
By (ISC)2 Writers Bureau , 7/28/2014
Comment1 Comment  |  Read  |  Post a Comment
Passwords Be Gone! Removing 4 Barriers To Strong Authentication
Phillip M. Dunkelberger, President & CEO, Nok Nok LabsCommentary
As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution.
By Phillip M. Dunkelberger President & CEO, Nok Nok Labs, 7/24/2014
Comment7 comments  |  Read  |  Post a Comment
CEO Report Card: Low Grades for Risk Management
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.
By Marilyn Cohodas Community Editor, Dark Reading, 7/18/2014
Comment12 comments  |  Read  |  Post a Comment
A New Age in Cyber Security: Public Cyberhealth
Brian Foster, CTO, DamballaCommentary
The cleanup aimed at disrupting GameOver Zeus and CryptoLocker offers an instructive template for managing mass cyber infections.
By Brian Foster CTO, Damballa, 7/17/2014
Comment5 comments  |  Read  |  Post a Comment
Passwords & The Future Of Identity: Payment Networks?
Andre Boysen, EVP, Digital Identity Evangelist, SecureKeyCommentary
The solution to the omnipresent and enduring password problem may be closer than you think.
By Andre Boysen EVP, Digital Identity Evangelist, SecureKey, 7/16/2014
Comment17 comments  |  Read  |  Post a Comment
Payment Card Data Theft: Tips For Small Business
Chris Nutt, Director, Incident Response & Malware, MandiantCommentary
For small businesses looking to reduce their exposure to data theft the good news is the advantage of being small.
By Chris Nutt Director, Incident Response & Malware, Mandiant, 7/15/2014
Comment7 comments  |  Read  |  Post a Comment
Dark Reading Radio: Where Do Security Startups Come From?
Tim Wilson, Editor in Chief, Dark ReadingCommentary
This week's radio broadcast will discuss how hot new security companies are born and how they are funded. Showtime is 1:00 p.m. ET.
By Tim Wilson Editor in Chief, Dark Reading, 7/15/2014
Comment2 comments  |  Read  |  Post a Comment
Government Security: Saying 'No' Doesn't Work
Steve Jones, Group Strategy Director, Big Data & Analytics, CapgeminiCommentary
It's time for government agencies to move beyond draconian security rules and adopt anomaly analytics.
By Steve Jones Group Strategy Director, Big Data & Analytics, Capgemini, 7/14/2014
Comment0 comments  |  Read  |  Post a Comment
Strategic Security: Begin With The End In Mind
Jason Sachowski, Sr. Manager, Security R&D, ScotiabankCommentary
The trouble with traditional infosec methodology is that it doesn’t show us how to implement a strategic security plan in the real world.
By Jason Sachowski Sr. Manager, Security R&D, Scotiabank, 7/11/2014
Comment9 comments  |  Read  |  Post a Comment
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Julian Waits, President & CEO, ThreatTrack SecurityCommentary
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
By Julian Waits President & CEO, ThreatTrack Security, 7/9/2014
Comment6 comments  |  Read  |  Post a Comment
3 BYOD Risk Prevention Strategies
Jim Szafranski, SVP Customer Platform Services, FiberlinkCommentary
An effective BYOD plan must balance control with convenience. Here's what to keep in mind.
By Jim Szafranski SVP Customer Platform Services, Fiberlink, 7/8/2014
Comment2 comments  |  Read  |  Post a Comment
Dark Reading Radio: The Changing Role Of The CSO
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Why does the CSO report to the CIO? Join us for a panel discussion. Showtime is today, Wednesday, 1:00 p.m., New York, 10 a.m., San Francisco.
By Marilyn Cohodas Community Editor, Dark Reading, 7/8/2014
Comment7 comments  |  Read  |  Post a Comment
Microsoft's Seizure Of No-IP Domains Disrupted Criminals & Innocents Alike
Sara Peters, News
Microsoft successfully disrupted roughly one-quarter of the APT actors Kaspersky monitors, but took down millions of innocent hostnames too.
By Sara Peters , 7/3/2014
Comment6 comments  |  Read  |  Post a Comment
Why Your Application Security Program May Backfire
Jeff Williams, CTO, Contrast SecurityCommentary
You have to consider the human factor when you’re designing security interventions, because the best intentions can have completely opposite consequences.
By Jeff Williams CTO, Contrast Security, 7/2/2014
Comment4 comments  |  Read  |  Post a Comment
Hacker Movies We Love & Hate
Marilyn Cohodas, Community Editor, Dark Reading
Check out Dark Reading community members' favorite hacker movie hits and misses. Then add your picks in the comments section.
By Marilyn Cohodas Community Editor, Dark Reading, 7/1/2014
Comment3 comments  |  Read  |  Post a Comment
How Microsoft Cracks The BYOD Code: 3 Tips
Bret Arsenault, CISO, MicrosoftCommentary
Microsoft’s CISO shares best-practices for balancing employee autonomy and security in today’s bring-your-own world.
By Bret Arsenault CISO, Microsoft, 6/30/2014
Comment5 comments  |  Read  |  Post a Comment
3 Mobile Security Tips For SMBs
Vijay Basani, Co-Founder, President & CEO, EIQ NetworksCommentary
Everyone in an organization has to work together to combat intrusions and data loss, but this is especially true for small businesses.
By Vijay Basani Co-Founder, President & CEO, EIQ Networks, 6/27/2014
Comment5 comments  |  Read  |  Post a Comment
Why A Secured Network Is Like The Human Body
Dan Ross, CEO & President, PromisecCommentary
It’s time to throw away the analogies about building fortresses and perimeter defenses and start to approach InfoSec with the same standard of care we use for public health.
By Dan Ross CEO & President, Promisec, 6/26/2014
Comment11 comments  |  Read  |  Post a Comment
P.F. Chang's Breach Went Undetected For Months
Lucas Zaichkowsky, Enterprise Defense Architect, AccessDataCommentary
Early reports indicate that the compromise involved a large number of restaurant locations and dates as far back as September 2013.
By Lucas Zaichkowsky Enterprise Defense Architect, AccessData, 6/23/2014
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4262
Published: 2014-07-28
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-...

CVE-2013-4840
Published: 2014-07-28
Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.

CVE-2013-7393
Published: 2014-07-28
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions...

CVE-2014-2974
Published: 2014-07-28
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

CVE-2014-2975
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.