Operations
News & Commentary
Federal IT Security Policies Must Be User Friendly
James Bindseil, President & CEO, GlobalscapeCommentary
Federal agencies should choose security tools and policies that suit the productivity needs of their employees.
By James Bindseil President & CEO, Globalscape, 4/16/2014
Comment2 comments  |  Read  |  Post a Comment
Active Directory Is Dead: 3 Reasons
Thomas Pedersen, CEO & Founder, OneLoginCommentary
These days, Active Directory smells gangrenous to innovative companies born in the cloud and connecting customers, employees, and partners across devices at light speed.
By Thomas Pedersen CEO & Founder, OneLogin, 4/15/2014
Comment25 comments  |  Read  |  Post a Comment
CIO Vs. CSO: Allies Or Enemies?
Eric Cole, Founder & Chief Scientist, Secure Anchor ConsultingCommentary
In the wake of the Target breach it's clear that the CIO and CSO must have clear boundaries of responsibility and equal representation in the board room.
By Eric Cole Founder & Chief Scientist, Secure Anchor Consulting, 4/14/2014
Comment15 comments  |  Read  |  Post a Comment
What’s Worse: Credit Card Or Identity Theft?
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
When it comes to data loss, it’s time for the conversation to shift from credit cards to personal information like Social Security numbers, home addresses, and your favorite flavor of ice cream.
By Kerstyn Clover Attack & Defense Team Consultant, 4/9/2014
Comment17 comments  |  Read  |  Post a Comment
Tech Insight: Making Data Classification Work
John H. Sawyer, Contributing Writer, Dark ReadingCommentary
Data classification involves much more than simply buying a product and dropping it in place. Here are some dos and don'ts.
By John H. Sawyer Contributing Writer, Dark Reading, 4/4/2014
Comment7 comments  |  Read  |  Post a Comment
NSA’s Big Surprise: Gov’t Agency Is Actually Doing Its Job
Ira Winkler, Commentary
When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
By Ira Winkler , 4/4/2014
Comment14 comments  |  Read  |  Post a Comment
What Is The FIDO Alliance?
Dark Reading, CommentaryVideo
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
By Dark Reading , 4/2/2014
Comment0 comments  |  Read  |  Post a Comment
Extra, Extra: What's New With Dark Reading News & Analysis
Kelly Jackson Higgins, Senior Editor, Dark ReadingCommentary
How to share your opinion, news tips, and ideas.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/2/2014
Comment2 comments  |  Read  |  Post a Comment
The Right Stuff: Staffing Your Corporate SOC
Rick Howard, CSO, Palo Alto NetworksCommentary
What makes a top-notch security analyst? Passion, experience, and communication skills trump certifications and degrees. But you get what you pay for.
By Rick Howard CSO, Palo Alto Networks, 4/2/2014
Comment10 comments  |  Read  |  Post a Comment
Manage Change – Or It Will Manage You
Robert Hewes, PhD, Senior Partner, Camden Consulting GroupCommentary
As technology increases the velocity of business, IT leaders must move beyond to-do lists.
By Robert Hewes PhD, Senior Partner, Camden Consulting Group, 4/1/2014
Comment0 comments  |  Read  |  Post a Comment
Community & A Virtual Handshake
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
A secret handshake means you are part of a shared experience. That's what the Dark Reading community is all about.
By Marilyn Cohodas Community Editor, Dark Reading, 3/31/2014
Comment2 comments  |  Read  |  Post a Comment
Top Advice for CISOs
Sara Peters, CommentaryVideo
Some of the soft skills are the hardest ones for CISOs to deploy.
By Sara Peters , 3/31/2014
Comment5 comments  |  Read  |  Post a Comment
Incident Response Now Shaping Security Operations
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
How an organization reacts to hackers infiltrating its network is becoming the key to damage control for data -- and the corporate image.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/28/2014
Comment4 comments  |  Read  |  Post a Comment
Welcome To The New Dark Reading
Tim Wilson, Editor in Chief, Dark ReadingCommentaryVideo
Check out Dark Reading's Tim Wilson and Kelly Jackson Higgins talking about the reason behind the re-launch.
By Tim Wilson Editor in Chief, Dark Reading, 3/27/2014
Comment4 comments  |  Read  |  Post a Comment
Welcome To The New Dark Reading Information Security Community
Tim Wilson, Editor in Chief, Dark ReadingCommentary
InformationWeek and Dark Reading join forces with security professionals to launch an interactive online community.
By Tim Wilson Editor in Chief, Dark Reading, 3/27/2014
Comment10 comments  |  Read  |  Post a Comment
Finally, Plug & Play Authentication!
Phil Dunkelberger, President & CEO, Nok Nok LabsCommentaryVideo
FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
By Phil Dunkelberger President & CEO, Nok Nok Labs, 3/26/2014
Comment1 Comment  |  Read  |  Post a Comment
Don't Put Too Much Faith in Cyberinsurance
Sara Peters, Commentary
Cyberinsurance is great for covering discrete costs like breach notifications and legal fees, but don't rely heavily on it for much else.
By Sara Peters , 3/26/2014
Comment1 Comment  |  Read  |  Post a Comment
Cartoon: Strong Passwords
John Klossner, CartoonistCommentary
By John Klossner Cartoonist, 3/26/2014
Comment0 comments  |  Read  |  Post a Comment
How to Solve the Security Skills Shortage
Sara Peters, CommentaryVideo
At RSA, security professionals weighed in on how to close the security skills gap -- if there is one -- and solve staffing problems.
By Sara Peters , 3/26/2014
Comment20 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Marilyn Cohodas
Current Conversations LOL.
In reply to: Check out our new cartoon
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web