Endpoint // Privacy
News & Commentary
How Ionic Says It Makes Data Breaches Irrelevant
Sara Peters, Senior Editor at Dark ReadingNews
Ionic Security goes public with a data security platform that manages trillions of encryption keys and enables a user to sign each pixel with its own unique key.
By Sara Peters Senior Editor at Dark Reading, 4/15/2015
Comment2 comments  |  Read  |  Post a Comment
3 Of 4 Global 2000 Companies Still Vulnerable To Heartbleed
Sara Peters, Senior Editor at Dark ReadingNews
Largest companies on Earth might have patched, but haven't done their due diligence with revoking and issuing new certificates, says Venafi.
By Sara Peters Senior Editor at Dark Reading, 4/7/2015
Comment1 Comment  |  Read  |  Post a Comment
The Internet Of Bring-Your-Own Things
David Lindner, Global Practice Manager, Mobile Application Security Services, Aspect SecurityCommentary
Devices and interconnected systems are finding a foothold not only in our homes but in mainstream organizations. Here are three tips to mitigate the risk.
By David Lindner Global Practice Manager, Mobile Application Security Services, Aspect Security, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
New Secure Online Check-Out Tech Goes For Less Friction, More Biometrics
Sara Peters, Senior Editor at Dark ReadingNews
BioCatch, Zumigo, and Alibaba release tools to help merchants avoid those pesky charge-back costs.
By Sara Peters Senior Editor at Dark Reading, 3/24/2015
Comment2 comments  |  Read  |  Post a Comment
OpenSSL To Undergo Major Audit
Sara Peters, Senior Editor at Dark ReadingNews
The Linux Foundation's Core Infrastructure Initiative funding work to take a closer look at the TLS stack.
By Sara Peters Senior Editor at Dark Reading, 3/9/2015
Comment2 comments  |  Read  |  Post a Comment
A Building Code For Internet of Things Security, Privacy
Greg Shannon, Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering InstituteCommentary
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
By Greg Shannon Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering Institute, 3/4/2015
Comment6 comments  |  Read  |  Post a Comment
FREAK Out: Yet Another New SSL/TLS Bug Found
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Old-school, export-grade crypto standard used until the 1990s can be triggered to downgrade security of client, servers, researchers find.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/3/2015
Comment2 comments  |  Read  |  Post a Comment
Hits Keep On Coming For Both SSL & Its Abusers
Dark Reading Staff, Quick Hits
Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?
By Dark Reading Staff , 2/26/2015
Comment4 comments  |  Read  |  Post a Comment
Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2015
Comment3 comments  |  Read  |  Post a Comment
Superfish Compromises All SSL Connections On Lenovo Gear
Sara Peters, Senior Editor at Dark ReadingNews
More than just pre-installed adware on some Lenovo laptops, Superfish acts as a man-in-the-middle certificate authority, hijacking every SSL session the laptop makes.
By Sara Peters Senior Editor at Dark Reading, 2/19/2015
Comment10 comments  |  Read  |  Post a Comment
White House Revises Rules For Intelligence Gathering
Thomas Claburn, Editor at Large, Enterprise MobilityNews
Intelligence agencies like the NSA face data-retention limits and privacy training.
By Thomas Claburn Editor at Large, Enterprise Mobility, 2/3/2015
Comment3 comments  |  Read  |  Post a Comment
Social Media Betrays Your Credit Card Activity: Study
Thomas Claburn, Editor at Large, Enterprise MobilityNews
Using time and location data culled from social media posts or other sources, researchers say they can identify your purchases from amongst anonymized transaction data.
By Thomas Claburn Editor at Large, Enterprise Mobility, 1/31/2015
Comment7 comments  |  Read  |  Post a Comment
Takeaways from International Data Privacy Day: The Internet of Things
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
Event looks at the future of data use and how we can and should protect personal privacy.
By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 1/30/2015
Comment0 comments  |  Read  |  Post a Comment
FTC Seeks Internet Of Things Rules
Thomas Claburn, Editor at Large, Enterprise MobilityNews
More responsible business practices and new laws are needed to make the Internet of Things viable, the FTC says.
By Thomas Claburn Editor at Large, Enterprise Mobility, 1/27/2015
Comment2 comments  |  Read  |  Post a Comment
Cloud Services Adoption: Rates, Reasons & Security Fears
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Concern over data breaches and privacy are two reasons enterprises in the European Union didnt increase their use of cloud services in 2014, according to the EUs recent Eurostat report.
By Dave Kearns Analyst, Kuppinger-Cole, 1/12/2015
Comment3 comments  |  Read  |  Post a Comment
How PCI DSS 3.0 Can Help Stop Data Breaches
Troy Leach and Christopher Strand, Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9Commentary
New Payment Card Industry security standards that took effect January 1 aim to replace checkmark mindsets with business as usual processes. Here are three examples.
By Troy Leach and Christopher Strand Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9, 12/23/2014
Comment9 comments  |  Read  |  Post a Comment
Open Source Encryption Must Get Smarter
Matt Little, VP Product Development, PKWARECommentary
When it comes to cryptography, there are quite a few myths in the age-old debate about proprietary versus open source application security.
By Matt Little VP Product Development, PKWARE, 12/8/2014
Comment3 comments  |  Read  |  Post a Comment
Moving Beyond 2-Factor Authentication With Context
Keith Graham, CTO, SecureAuthCommentary
2FA isnt cheap or infallible -- in more ways than two.
By Keith Graham CTO, SecureAuth, 12/5/2014
Comment11 comments  |  Read  |  Post a Comment
Ultra-Private Messaging Spreads To Apple Mac, Windows, Linux Desktops
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Wickr's secure mobile messaging app expands to the desktop amid explosion in encryption activity.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/4/2014
Comment0 comments  |  Read  |  Post a Comment
New TLS/SSL Version Ready In 2015
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
One of the first steps in making encryption the norm across the Net is an update to the protocol itself and a set of best-practices for using encryption in applications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/4/2014
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice one
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0845
Published: 2015-04-17
Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.

CVE-2015-1318
Published: 2015-04-17
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).

CVE-2015-1852
Published: 2015-04-17
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-mid...

CVE-2015-1856
Published: 2015-04-17
OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

CVE-2013-4866
Published: 2015-04-16
The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, which allows physically proximate attackers to trigger physical resource consumption (water or heat) or user discomfort.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.