Endpoint // Privacy
News & Commentary
Open Source Encryption Must Get Smarter
Matt Little, VP Product Development, PKWARECommentary
When it comes to cryptography, there are quite a few myths in the age-old debate about proprietary versus open source application security.
By Matt Little VP Product Development, PKWARE, 12/8/2014
Comment3 comments  |  Read  |  Post a Comment
Moving Beyond 2-Factor Authentication With Context
Keith Graham, CTO, SecureAuthCommentary
2FA isnt cheap or infallible -- in more ways than two.
By Keith Graham CTO, SecureAuth, 12/5/2014
Comment11 comments  |  Read  |  Post a Comment
Ultra-Private Messaging Spreads To Apple Mac, Windows, Linux Desktops
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Wickr's secure mobile messaging app expands to the desktop amid explosion in encryption activity.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/4/2014
Comment0 comments  |  Read  |  Post a Comment
New TLS/SSL Version Ready In 2015
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
One of the first steps in making encryption the norm across the Net is an update to the protocol itself and a set of best-practices for using encryption in applications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/4/2014
Comment2 comments  |  Read  |  Post a Comment
Google Gets Better At Spotting Humans
Thomas Claburn, Editor-at-LargeNews
Google's revised reCAPTCHA test promises to help website users solve security puzzles faster -- unless they are using a browser's private mode or some other privacy measure.
By Thomas Claburn Editor-at-Large, 12/3/2014
Comment2 comments  |  Read  |  Post a Comment
Q&A: Internet Encryption As The New Normal
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Internet Architecture Board chairman Russ Housley explains what the IAB's game-changing statement about encryption means for the future of the Net.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/1/2014
Comment6 comments  |  Read  |  Post a Comment
The Week When Attackers Started Winning The War On Trust
Kevin Bocek, VP Security Strategy & Threat Intelligence, VenafiCommentary
The misuse of keys and certificates is not exotic or hypothetical. Its a real threat that could undermine most, if not all, critical security controls, as recent headlines strongly show.
By Kevin Bocek VP Security Strategy & Threat Intelligence, Venafi, 11/21/2014
Comment1 Comment  |  Read  |  Post a Comment
Killing Passwords: Dont Get A-Twitter Over Digits
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Twitters new service that eliminates passwords for authentication actually makes your mobile device less secure.
By Dave Kearns Analyst, Kuppinger-Cole, 11/19/2014
Comment5 comments  |  Read  |  Post a Comment
Is Security Awareness Training Really Worth It?
Fahmida Y. Rashid, News
Experts weigh in on the value of end-user security training, and how to make education more effective.
By Fahmida Y. Rashid , 11/18/2014
Comment9 comments  |  Read  |  Post a Comment
TRUSTe Not So Trustworthy
Thomas Claburn, Editor-at-LargeNews
Privacy certification company has agreed to pay $200,000 to settle FTC charges that it deceived consumers.
By Thomas Claburn Editor-at-Large, 11/17/2014
Comment0 comments  |  Read  |  Post a Comment
Walk & Stalk: A New Twist In Cyberstalking
Ken Munro,  Partner & Founder, Pen Test Partners LLPCommentary
How hackers can turn Wifi signals from smartphones and tablets into a homing beacon that captures users' online credentials and follows them, undetected, throughout the course of the day.
By Ken Munro Partner & Founder, Pen Test Partners LLP, 11/11/2014
Comment4 comments  |  Read  |  Post a Comment
This Week in 60 Seconds: Net Neutrality, IT Hiring
Andrew Conry Murray, Director of Content & Community, InteropCommentary
Our video wrap-up shares how to win net neutrality, wades into the debate over an IT talent shortage, and more.
By Andrew Conry Murray Director of Content & Community, Interop, 11/7/2014
Comment6 comments  |  Read  |  Post a Comment
Privacy Versus The 'Tyranny Of The Algorithm'
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Health, social media, buying trends, and other data and activity are routinely bartered for profit, but at what cost to the consumer or user?
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/5/2014
Comment3 comments  |  Read  |  Post a Comment
Workplace Privacy: Big Brother Is Watching
David Melnick, Founder & CEO, WebLife BalanceCommentary
Companies may have the right to monitor employees who are checking their bank balances or shopping online on corporate networks. The real question is, should they?
By David Melnick Founder & CEO, WebLife Balance, 11/4/2014
Comment12 comments  |  Read  |  Post a Comment
4 Essentials For Mobile Device VPNs
Patrick Oliver Graf, GM, Americas, NCP EngineeringCommentary
VPNs for smartphones and tablets have different requirements than laptops. Heres what you need to know.
By Patrick Oliver Graf GM, Americas, NCP Engineering, 10/31/2014
Comment10 comments  |  Read  |  Post a Comment
Verizon Wireless Embroiled In Tracking Controversy
Kristin Burnham, Senior Editor, InformationWeek.comNews
Verizon Wireless is in hot water with security and privacy advocates regarding unique identifier headers that function as what one EFF expert calls "perma-cookies."
By Kristin Burnham Senior Editor, InformationWeek.com, 10/29/2014
Comment15 comments  |  Read  |  Post a Comment
FBI Director Urges New Encryption Legislation
Sara Peters, Senior Editor at Dark ReadingNews
Encryption algorithms do not acknowledge "lawful access."
By Sara Peters Senior Editor at Dark Reading, 10/16/2014
Comment5 comments  |  Read  |  Post a Comment
Berners-Lee Behind New Private Communications Network For Ultra-Privacy Conscious
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
MeWe offers free, secure, and private communications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/16/2014
Comment2 comments  |  Read  |  Post a Comment
'POODLE' Attacks, Kills Off SSL 3.0
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A newly discovered design flaw in an older version of SSL encryption protocol could be used for man-in-the-middle attacks -- leading some browser vendors to remove SSL 3.0 for good.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/15/2014
Comment9 comments  |  Read  |  Post a Comment
Stolen Medical Data Is Now A Hot Commodity
Lysa Myers, Security Researcher, ESETCommentary
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Heres why.
By Lysa Myers Security Researcher, ESET, 10/14/2014
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5208
Published: 2014-12-22
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbit...

CVE-2014-7286
Published: 2014-12-22
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

CVE-2014-8896
Published: 2014-12-22
The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify ...

CVE-2014-8897
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

CVE-2014-8898
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.