Operations
News & Commentary
Federal IT Security Policies Must Be User Friendly
James Bindseil, Commentary
Federal agencies should choose security tools and policies that suit the productivity needs of their employees.
By James Bindseil , 4/16/2014
Comment2 comments  |  Read  |  Post a Comment
Active Directory Is Dead: 3 Reasons
Thomas Pedersen, CEO & Founder, OneLoginCommentary
These days, Active Directory smells gangrenous to innovative companies born in the cloud and connecting customers, employees, and partners across devices at light speed.
By Thomas Pedersen CEO & Founder, OneLogin, 4/15/2014
Comment25 comments  |  Read  |  Post a Comment
CIO Vs. CSO: Allies Or Enemies?
Eric Cole, Founder & Chief Scientist, Secure Anchor ConsultingCommentary
In the wake of the Target breach it's clear that the CIO and CSO must have clear boundaries of responsibility and equal representation in the board room.
By Eric Cole Founder & Chief Scientist, Secure Anchor Consulting, 4/10/2014
Comment10 comments  |  Read  |  Post a Comment
What’s Worse: Credit Card Or Identity Theft?
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
When it comes to data loss, it’s time for the conversation to shift from credit cards to personal information like Social Security numbers, home addresses, and your favorite flavor of ice cream.
By Kerstyn Clover Attack & Defense Team Consultant, 4/9/2014
Comment17 comments  |  Read  |  Post a Comment
Tech Insight: Making Data Classification Work
John H. Sawyer, Contributing Writer, Dark ReadingCommentary
Data classification involves much more than simply buying a product and dropping it in place. Here are some dos and don'ts.
By John H. Sawyer Contributing Writer, Dark Reading, 4/4/2014
Comment7 comments  |  Read  |  Post a Comment
NSA’s Big Surprise: Gov’t Agency Is Actually Doing Its Job
Ira Winkler, Commentary
When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
By Ira Winkler , 4/4/2014
Comment14 comments  |  Read  |  Post a Comment
What Is The FIDO Alliance?
Dark Reading, CommentaryVideo
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
By Dark Reading , 4/2/2014
Comment0 comments  |  Read  |  Post a Comment
Extra, Extra: What's New With Dark Reading News & Analysis
Kelly Jackson Higgins, Senior Editor, Dark ReadingCommentary
How to share your opinion, news tips, and ideas.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/2/2014
Comment2 comments  |  Read  |  Post a Comment
The Right Stuff: Staffing Your Corporate SOC
Rick Howard, CSO, Palo Alto NetworksCommentary
What makes a top-notch security analyst? Passion, experience, and communication skills trump certifications and degrees. But you get what you pay for.
By Rick Howard CSO, Palo Alto Networks, 4/2/2014
Comment10 comments  |  Read  |  Post a Comment
Manage Change – Or It Will Manage You
Robert Hewes, PhD, Senior Partner, Camden Consulting GroupCommentary
As technology increases the velocity of business, IT leaders must move beyond to-do lists.
By Robert Hewes PhD, Senior Partner, Camden Consulting Group, 4/1/2014
Comment0 comments  |  Read  |  Post a Comment
Community & A Virtual Handshake
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
A secret handshake means you are part of a shared experience. That's what the Dark Reading community is all about.
By Marilyn Cohodas Community Editor, Dark Reading, 3/31/2014
Comment2 comments  |  Read  |  Post a Comment
Top Advice for CISOs
Sara Peters, CommentaryVideo
Some of the soft skills are the hardest ones for CISOs to deploy.
By Sara Peters , 3/31/2014
Comment5 comments  |  Read  |  Post a Comment
Incident Response Now Shaping Security Operations
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
How an organization reacts to hackers infiltrating its network is becoming the key to damage control for data -- and the corporate image.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/28/2014
Comment4 comments  |  Read  |  Post a Comment
Welcome To The New Dark Reading
Tim Wilson, Editor in Chief, Dark ReadingCommentaryVideo
Check out Dark Reading's Tim Wilson and Kelly Jackson Higgins talking about the reason behind the re-launch.
By Tim Wilson Editor in Chief, Dark Reading, 3/27/2014
Comment4 comments  |  Read  |  Post a Comment
Welcome To The New Dark Reading Information Security Community
Tim Wilson, Editor in Chief, Dark ReadingCommentary
InformationWeek and Dark Reading join forces with security professionals to launch an interactive online community.
By Tim Wilson Editor in Chief, Dark Reading, 3/27/2014
Comment10 comments  |  Read  |  Post a Comment
Finally, Plug & Play Authentication!
Phil Dunkelberger, President & CEO, Nok Nok LabsCommentaryVideo
FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
By Phil Dunkelberger President & CEO, Nok Nok Labs, 3/26/2014
Comment1 Comment  |  Read  |  Post a Comment
Don't Put Too Much Faith in Cyberinsurance
Sara Peters, Commentary
Cyberinsurance is great for covering discrete costs like breach notifications and legal fees, but don't rely heavily on it for much else.
By Sara Peters , 3/26/2014
Comment1 Comment  |  Read  |  Post a Comment
Cartoon: Strong Passwords
John Klossner, CartoonistCommentary
By John Klossner Cartoonist, 3/26/2014
Comment0 comments  |  Read  |  Post a Comment
How to Solve the Security Skills Shortage
Sara Peters, CommentaryVideo
At RSA, security professionals weighed in on how to close the security skills gap -- if there is one -- and solve staffing problems.
By Sara Peters , 3/26/2014
Comment20 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-0460
Published: 2014-04-16
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.

CVE-2011-0993
Published: 2014-04-16
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.

CVE-2011-3180
Published: 2014-04-16
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

CVE-2011-4089
Published: 2014-04-16
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

CVE-2011-4192
Published: 2014-04-16
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."

Best of the Web