Endpoint // Privacy
News & Commentary
NSA Director Downplays Damage From Snowden Leaks
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
New NSA director tells The New York Times he'll have to be more open about agency's activities than his predecessors.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 6/30/2014
Comment0 comments  |  Read  |  Post a Comment
What Workplace Privacy Will Look Like In 10 Years
David Melnick, Founder & CEO, WebLife BalanceCommentary
New laws like Europe's "right to be forgotten" in Google search are just the latest examples of how quickly perceptions and practices about personal privacy in the workplace are changing.
By David Melnick Founder & CEO, WebLife Balance, 6/19/2014
Comment10 comments  |  Read  |  Post a Comment
Spyware Found On Chinese-Made Smartphone
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Unknown manufacturer ships smartphones loaded with app that could allow a hacker to steal personal data or spy on the user, German researcher says.
By Tim Wilson Editor in Chief, Dark Reading, 6/19/2014
Comment5 comments  |  Read  |  Post a Comment
Data Security Decisions In A World Without TrueCrypt
Cam Roberson, Director Reseller Channel, Beachhead SolutionsCommentary
The last days of TrueCrypt left many unanswered questions. But one thing is certain: When encryption freeware ends its life abruptly, being a freeloader can get you into a load of trouble.
By Cam Roberson Director Reseller Channel, Beachhead Solutions, 6/18/2014
Comment16 comments  |  Read  |  Post a Comment
P.F. Chang's Confirms Security Breach
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
After initial silence, P.F. Chang's restaurant chain goes live with website disclosing information on stolen credit card data.
By Tim Wilson Editor in Chief, Dark Reading, 6/14/2014
Comment3 comments  |  Read  |  Post a Comment
Google Adds Chrome Encryption Option For Webmail
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
An end-to-end encryption test module for Chrome is available now.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 6/4/2014
Comment0 comments  |  Read  |  Post a Comment
How The Math Of Biometric Authentication Adds Up
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Yes, it's true that if your authentication scheme only allows a single fingerprint you only have 10 choices. But there's no rule that says it has to be one, and only one.
By Dave Kearns Analyst, Kuppinger-Cole, 6/2/2014
Comment12 comments  |  Read  |  Post a Comment
eBay Breach: Is Your Identity Up For Auction?
JD Sherry, VP Technology & Solutions, Trend MicroCommentary
In a sick twist of events, the roles may just have been reversed on eBay users. Its their social media identities and data that now have the greatest value in the cyber underground.
By JD Sherry VP Technology & Solutions, Trend Micro, 5/23/2014
Comment10 comments  |  Read  |  Post a Comment
Breach At Bit.ly Blamed On Offsite Backup Storage Provider
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
URL shortening service says user database may have been compromised through backup data.
By Tim Wilson Editor in Chief, Dark Reading, 5/13/2014
Comment2 comments  |  Read  |  Post a Comment
Defending Against Identity Theft In The Military
Lysa Myers, Security Researcher, ESETCommentary
Our military troops are twice as likely to be victims of identity theft as the general population. The reason is in the structure of military culture.
By Lysa Myers Security Researcher, ESET, 5/5/2014
Comment5 comments  |  Read  |  Post a Comment
Privacy, Cybercrime Headline the Infosecurity Europe Conference
Mathew J. Schwartz,
Attendees debate NSA surveillance, privacy reforms, cybercrime defenses, and sharpen their CISO skills.
By Mathew J. Schwartz , 5/2/2014
Comment6 comments  |  Read  |  Post a Comment
How To Avoid Sloppy Authentication
Garret Grajek, CTO & COO, SecureAuthCommentary
Viewing authentication as a process, not simply as an encryption or algorithm, is the key to defending corporate resources from attacks.
By Garret Grajek CTO & COO, SecureAuth, 5/1/2014
Comment2 comments  |  Read  |  Post a Comment
Internet of Thingbots: The New Security Worry
Jeff Bertolucci, Commentary
Phishing and spam attacks involving Internet of Things devices are coming -- and app developers and device makers must be ready, says a CA Technologies exec.
By Jeff Bertolucci , 4/30/2014
Comment7 comments  |  Read  |  Post a Comment
Workplace Data Privacy Vs. Security: The New Balance
David Melnick, Founder & CEO, WebLife BalanceCommentary
Is it time to rethink the traditional lock-down approach to employee use of corporate networks at work?
By David Melnick Founder & CEO, WebLife Balance, 4/23/2014
Comment12 comments  |  Read  |  Post a Comment
FAQ: Understanding The True Price of Encryption
Sol Cates, CSO, VormetricCommentary
In the wake of recent events like Heartbleed, the search for cost-effective, easy, and scalable encryption solutions has never been more important.
By Sol Cates CSO, Vormetric, 4/21/2014
Comment8 comments  |  Read  |  Post a Comment
Whats Worse: Credit Card Or Identity Theft?
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
When it comes to data loss, its time for the conversation to shift from credit cards to personal information like Social Security numbers, home addresses, and your favorite flavor of ice cream.
By Kerstyn Clover Attack & Defense Team Consultant, 4/9/2014
Comment17 comments  |  Read  |  Post a Comment
NSAs Big Surprise: Govt Agency Is Actually Doing Its Job
Ira Winkler, Commentary
When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
By Ira Winkler , 4/4/2014
Comment14 comments  |  Read  |  Post a Comment
Community & A Virtual Handshake
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
A secret handshake means you are part of a shared experience. That's what the Dark Reading community is all about.
By Marilyn Cohodas Community Editor, Dark Reading, 3/31/2014
Comment2 comments  |  Read  |  Post a Comment
Richard Clarke: Snowden Should Be in Prison
Sara Peters, CommentaryVideo
Former White House cybersecurity advisor says Edward Snowden has jeopardized the United States' national security.
By Sara Peters , 3/28/2014
Comment10 comments  |  Read  |  Post a Comment
Richard Clarke: Foreign Governments Not So Surprised by US Snooping
Sara Peters, CommentaryVideo
Former White House cybersecurity advisor thinks foreign governments' outrage is largely an act.
By Sara Peters , 3/27/2014
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-4988
Published: 2014-07-09
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.

CVE-2014-0207
Published: 2014-07-09
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

CVE-2014-0537
Published: 2014-07-09
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via uns...

CVE-2014-0539
Published: 2014-07-09
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via uns...

CVE-2014-3309
Published: 2014-07-09
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.