Tech Center Privacy
Dark Reading's Privacy Tech Center offers the latest news and information on issues surrounding user privacy and identity protection. Written for security and IT professionals, the Privacy Tech Center is designed to provide details on technologies, threats, and legislation surrounding data privacy, as well as insights on how enterprises can protect the privacy of their employees, customers, and business partners.
Two-step verification system has no provision for backup access or lost phones, doesn't address public username problem.
Dark Mail Alliance aims to create open-source email protocol and architecture for the industry in wake of NSA spying revelations
National Security Agency can intercept traffic from Google's and Yahoo's data centers outside the U.S., according to documents from Edward Snowden
Tracking technology that can identify individual identities and devices is improving faster than consumers might realize, warn privacy researchers
WhiteHat's Aviator browser promises better privacy online
New information shows the extent to which the U.S. may be playing both offense and defense in cyberspace
- NSA Responds To Criticism Over Surveillance Programs
- PCI DSS 3.0 Change Highlights
- Silent Circle, Lavabit End Secure Email Services Due To Surveillance Concerns
- NSA Director Faces Cybersecurity Community At Black Hat
- Reputation.com Acquires Online Platform MySocialCloud
By The Numbers
Healthcare Records At Risk
Health plans are the most breached healthcare organizations, losing some 10.32 million patient records in the past year.
Source: HITRUST LLC
Around the Web
- HHS Inspector General: Obamacare Privacy Protections Way Behind Schedule; Rampant Violations Of Law Possible
- California Gives Teens A Do-Over
- The Enemy Of Risk Management Starts With A C (And It's Not China)
Free Research and Reports
Dark Reading Digital Magazine
Quick Wins For Strengthening SMB Security
Time To Set Up That Honeypot
Securing Cisco IP Telephony
Attribution Is Much More Than A Source IP
New CA Group Has Big Names, Small Impact
How To Build An IT Security Budget
5 Approaches To Decaffeinating Java Exploits
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access.
libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write.
Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access.