Endpoint // Privacy
News & Commentary
Privacy, Security & The Geography Of Data Protection
Malte Pollmann, CEO, UtimacoCommentary
Data generation is global, so why do different parts of the world react differently to the same threat of security breaches and backdoors?
By Malte Pollmann CEO, Utimaco, 9/11/2014
Comment2 comments  |  Read  |  Post a Comment
Celeb Hack: Is Apple Telling All It Knows?
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? Youre darn tootin'!
By Dave Kearns Analyst, Kuppinger-Cole, 9/3/2014
Comment14 comments  |  Read  |  Post a Comment
NSA Collected More Records Than Court Allowed
Sara Peters, Senior Editor at Dark ReadingNews
New documents show the Foreign Intelligence Surveillance Court is stumped by the NSA's "systemic overcollection."
By Sara Peters Senior Editor at Dark Reading, 8/13/2014
Comment5 comments  |  Read  |  Post a Comment
UK Reconsidering Biometrics
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Parliament is looking for answers about biometrics' privacy, security, future uses, and whether or not legislation is ready for what comes next.
By Sara Peters Senior Editor at Dark Reading, 8/12/2014
Comment4 comments  |  Read  |  Post a Comment
6 Biometric Factors That Are Working Today
Marilyn Cohodas, Community Editor, Dark Reading
From fingerprints to wearable ECG monitors, there are real options in the market that may relegate the despised password to the dustbin of history.
By Marilyn Cohodas Community Editor, Dark Reading, 8/12/2014
Comment23 comments  |  Read  |  Post a Comment
Internet of Things: Security For A World Of Ubiquitous Computing
Candace Worley, SVP & GM, Endpoint Security, McAfeeCommentary
Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.
By Candace Worley SVP & GM, Endpoint Security, McAfee, 7/21/2014
Comment5 comments  |  Read  |  Post a Comment
Passwords & The Future Of Identity: Payment Networks?
Andre Boysen, EVP, Digital Identity Evangelist, SecureKeyCommentary
The solution to the omnipresent and enduring password problem may be closer than you think.
By Andre Boysen EVP, Digital Identity Evangelist, SecureKey, 7/16/2014
Comment17 comments  |  Read  |  Post a Comment
NSA Director Downplays Damage From Snowden Leaks
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
New NSA director tells The New York Times he'll have to be more open about agency's activities than his predecessors.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/30/2014
Comment0 comments  |  Read  |  Post a Comment
What Workplace Privacy Will Look Like In 10 Years
David Melnick, Founder & CEO, WebLife BalanceCommentary
New laws like Europe's "right to be forgotten" in Google search are just the latest examples of how quickly perceptions and practices about personal privacy in the workplace are changing.
By David Melnick Founder & CEO, WebLife Balance, 6/19/2014
Comment10 comments  |  Read  |  Post a Comment
Spyware Found On Chinese-Made Smartphone
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Unknown manufacturer ships smartphones loaded with app that could allow a hacker to steal personal data or spy on the user, German researcher says.
By Tim Wilson Editor in Chief, Dark Reading, 6/19/2014
Comment5 comments  |  Read  |  Post a Comment
Data Security Decisions In A World Without TrueCrypt
Cam Roberson, Director Reseller Channel, Beachhead SolutionsCommentary
The last days of TrueCrypt left many unanswered questions. But one thing is certain: When encryption freeware ends its life abruptly, being a freeloader can get you into a load of trouble.
By Cam Roberson Director Reseller Channel, Beachhead Solutions, 6/18/2014
Comment16 comments  |  Read  |  Post a Comment
P.F. Chang's Confirms Security Breach
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
After initial silence, P.F. Chang's restaurant chain goes live with website disclosing information on stolen credit card data.
By Tim Wilson Editor in Chief, Dark Reading, 6/14/2014
Comment3 comments  |  Read  |  Post a Comment
Google Adds Chrome Encryption Option For Webmail
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
An end-to-end encryption test module for Chrome is available now.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/4/2014
Comment0 comments  |  Read  |  Post a Comment
How The Math Of Biometric Authentication Adds Up
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Yes, it's true that if your authentication scheme only allows a single fingerprint you only have 10 choices. But there's no rule that says it has to be one, and only one.
By Dave Kearns Analyst, Kuppinger-Cole, 6/2/2014
Comment12 comments  |  Read  |  Post a Comment
eBay Breach: Is Your Identity Up For Auction?
JD Sherry, VP Technology & Solutions, Trend MicroCommentary
In a sick twist of events, the roles may just have been reversed on eBay users. Its their social media identities and data that now have the greatest value in the cyber underground.
By JD Sherry VP Technology & Solutions, Trend Micro, 5/23/2014
Comment10 comments  |  Read  |  Post a Comment
Breach At Bit.ly Blamed On Offsite Backup Storage Provider
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
URL shortening service says user database may have been compromised through backup data.
By Tim Wilson Editor in Chief, Dark Reading, 5/13/2014
Comment2 comments  |  Read  |  Post a Comment
Defending Against Identity Theft In The Military
Lysa Myers, Security Researcher, ESETCommentary
Our military troops are twice as likely to be victims of identity theft as the general population. The reason is in the structure of military culture.
By Lysa Myers Security Researcher, ESET, 5/5/2014
Comment5 comments  |  Read  |  Post a Comment
Privacy, Cybercrime Headline the Infosecurity Europe Conference
Mathew J. Schwartz,
Attendees debate NSA surveillance, privacy reforms, cybercrime defenses, and sharpen their CISO skills.
By Mathew J. Schwartz , 5/2/2014
Comment6 comments  |  Read  |  Post a Comment
How To Avoid Sloppy Authentication
Garret Grajek, CTO & COO, SecureAuthCommentary
Viewing authentication as a process, not simply as an encryption or algorithm, is the key to defending corporate resources from attacks.
By Garret Grajek CTO & COO, SecureAuth, 5/1/2014
Comment2 comments  |  Read  |  Post a Comment
Internet of Thingbots: The New Security Worry
Jeff Bertolucci, Commentary
Phishing and spam attacks involving Internet of Things devices are coming -- and app developers and device makers must be ready, says a CA Technologies exec.
By Jeff Bertolucci , 4/30/2014
Comment7 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1556
Published: 2014-09-12
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.

CVE-2014-2008
Published: 2014-09-12
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.

CVE-2014-2009
Published: 2014-09-12
The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.

CVE-2014-4735
Published: 2014-09-12
Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php.

CVE-2014-5259
Published: 2014-09-12
Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant