Endpoint // Privacy
News & Commentary
A Building Code For Internet of Things Security, Privacy
Greg Shannon, Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering InstituteCommentary
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
By Greg Shannon Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering Institute, 3/4/2015
Comment3 comments  |  Read  |  Post a Comment
FREAK Out: Yet Another New SSL/TLS Bug Found
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Old-school, export-grade crypto standard used until the 1990s can be triggered to downgrade security of client, servers, researchers find.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/3/2015
Comment2 comments  |  Read  |  Post a Comment
Hits Keep On Coming For Both SSL & Its Abusers
Dark Reading Staff, Quick Hits
Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?
By Dark Reading Staff , 2/26/2015
Comment4 comments  |  Read  |  Post a Comment
Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2015
Comment3 comments  |  Read  |  Post a Comment
Superfish Compromises All SSL Connections On Lenovo Gear
Sara Peters, Senior Editor at Dark ReadingNews
More than just pre-installed adware on some Lenovo laptops, Superfish acts as a man-in-the-middle certificate authority, hijacking every SSL session the laptop makes.
By Sara Peters Senior Editor at Dark Reading, 2/19/2015
Comment10 comments  |  Read  |  Post a Comment
White House Revises Rules For Intelligence Gathering
Thomas Claburn, Editor at Large, Enterprise MobilityNews
Intelligence agencies like the NSA face data-retention limits and privacy training.
By Thomas Claburn Editor at Large, Enterprise Mobility, 2/3/2015
Comment3 comments  |  Read  |  Post a Comment
Social Media Betrays Your Credit Card Activity: Study
Thomas Claburn, Editor at Large, Enterprise MobilityNews
Using time and location data culled from social media posts or other sources, researchers say they can identify your purchases from amongst anonymized transaction data.
By Thomas Claburn Editor at Large, Enterprise Mobility, 1/31/2015
Comment7 comments  |  Read  |  Post a Comment
Takeaways from International Data Privacy Day: The Internet of Things
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
Event looks at the future of data use and how we can and should protect personal privacy.
By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 1/30/2015
Comment0 comments  |  Read  |  Post a Comment
FTC Seeks Internet Of Things Rules
Thomas Claburn, Editor at Large, Enterprise MobilityNews
More responsible business practices and new laws are needed to make the Internet of Things viable, the FTC says.
By Thomas Claburn Editor at Large, Enterprise Mobility, 1/27/2015
Comment2 comments  |  Read  |  Post a Comment
Cloud Services Adoption: Rates, Reasons & Security Fears
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Concern over data breaches and privacy are two reasons enterprises in the European Union didnt increase their use of cloud services in 2014, according to the EUs recent Eurostat report.
By Dave Kearns Analyst, Kuppinger-Cole, 1/12/2015
Comment3 comments  |  Read  |  Post a Comment
How PCI DSS 3.0 Can Help Stop Data Breaches
Troy Leach and Christopher Strand, Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9Commentary
New Payment Card Industry security standards that took effect January 1 aim to replace checkmark mindsets with business as usual processes. Here are three examples.
By Troy Leach and Christopher Strand Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9, 12/23/2014
Comment9 comments  |  Read  |  Post a Comment
Open Source Encryption Must Get Smarter
Matt Little, VP Product Development, PKWARECommentary
When it comes to cryptography, there are quite a few myths in the age-old debate about proprietary versus open source application security.
By Matt Little VP Product Development, PKWARE, 12/8/2014
Comment3 comments  |  Read  |  Post a Comment
Moving Beyond 2-Factor Authentication With Context
Keith Graham, CTO, SecureAuthCommentary
2FA isnt cheap or infallible -- in more ways than two.
By Keith Graham CTO, SecureAuth, 12/5/2014
Comment11 comments  |  Read  |  Post a Comment
Ultra-Private Messaging Spreads To Apple Mac, Windows, Linux Desktops
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Wickr's secure mobile messaging app expands to the desktop amid explosion in encryption activity.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/4/2014
Comment0 comments  |  Read  |  Post a Comment
New TLS/SSL Version Ready In 2015
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
One of the first steps in making encryption the norm across the Net is an update to the protocol itself and a set of best-practices for using encryption in applications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/4/2014
Comment2 comments  |  Read  |  Post a Comment
Google Gets Better At Spotting Humans
Thomas Claburn, Editor at Large, Enterprise MobilityNews
Google's revised reCAPTCHA test promises to help website users solve security puzzles faster -- unless they are using a browser's private mode or some other privacy measure.
By Thomas Claburn Editor at Large, Enterprise Mobility, 12/3/2014
Comment2 comments  |  Read  |  Post a Comment
Q&A: Internet Encryption As The New Normal
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Internet Architecture Board chairman Russ Housley explains what the IAB's game-changing statement about encryption means for the future of the Net.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/1/2014
Comment6 comments  |  Read  |  Post a Comment
The Week When Attackers Started Winning The War On Trust
Kevin Bocek, VP Security Strategy & Threat Intelligence, VenafiCommentary
The misuse of keys and certificates is not exotic or hypothetical. Its a real threat that could undermine most, if not all, critical security controls, as recent headlines strongly show.
By Kevin Bocek VP Security Strategy & Threat Intelligence, Venafi, 11/21/2014
Comment1 Comment  |  Read  |  Post a Comment
Killing Passwords: Dont Get A-Twitter Over Digits
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Twitters new service that eliminates passwords for authentication actually makes your mobile device less secure.
By Dave Kearns Analyst, Kuppinger-Cole, 11/19/2014
Comment5 comments  |  Read  |  Post a Comment
Is Security Awareness Training Really Worth It?
Fahmida Y. Rashid, News
Experts weigh in on the value of end-user security training, and how to make education more effective.
By Fahmida Y. Rashid , 11/18/2014
Comment9 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8891
Published: 2015-03-06
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors...

CVE-2014-8892
Published: 2015-03-06
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via un...

CVE-2015-1170
Published: 2015-03-06
The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API call...

CVE-2015-1637
Published: 2015-03-06
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for r...

CVE-2014-2130
Published: 2015-03-05
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka B...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industrys professional organizations about how security pros can get more involved with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.