Endpoint // Privacy
News & Commentary
FAQ: Understanding The True Price of Encryption
Sol Cates, CSO, VormetricCommentary
In the wake of recent events like Heartbleed, the search for cost-effective, easy, and scalable encryption solutions has never been more important.
By Sol Cates CSO, Vormetric, 4/21/2014
Comment5 comments  |  Read  |  Post a Comment
Whats Worse: Credit Card Or Identity Theft?
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
When it comes to data loss, its time for the conversation to shift from credit cards to personal information like Social Security numbers, home addresses, and your favorite flavor of ice cream.
By Kerstyn Clover Attack & Defense Team Consultant, 4/9/2014
Comment17 comments  |  Read  |  Post a Comment
NSAs Big Surprise: Govt Agency Is Actually Doing Its Job
Ira Winkler, Commentary
When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
By Ira Winkler , 4/4/2014
Comment14 comments  |  Read  |  Post a Comment
Community & A Virtual Handshake
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
A secret handshake means you are part of a shared experience. That's what the Dark Reading community is all about.
By Marilyn Cohodas Community Editor, Dark Reading, 3/31/2014
Comment2 comments  |  Read  |  Post a Comment
Richard Clarke: Snowden Should Be in Prison
Sara Peters, CommentaryVideo
Former White House cybersecurity advisor says Edward Snowden has jeopardized the United States' national security.
By Sara Peters , 3/28/2014
Comment10 comments  |  Read  |  Post a Comment
Richard Clarke: Foreign Governments Not So Surprised by US Snooping
Sara Peters, CommentaryVideo
Former White House cybersecurity advisor thinks foreign governments' outrage is largely an act.
By Sara Peters , 3/27/2014
Comment3 comments  |  Read  |  Post a Comment
March Madness: Online Privacy Edition
Mark Weinstein, Founder & CEO, SgrouplesCommentary
Say hello to the privacy revolution where an emerging backlash is being spurred by NSA spying, mass data collection and plain old common sense.
By Mark Weinstein Founder & CEO, Sgrouples, 3/26/2014
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Marilyn Cohodas
Current Conversations LOL.
In reply to: Check out our new cartoon
Post Your Own Reply
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web