Tech Center Privacy
Dark Reading's Privacy Tech Center offers the latest news and information on issues surrounding user privacy and identity protection. Written for security and IT professionals, the Privacy Tech Center is designed to provide details on technologies, threats, and legislation surrounding data privacy, as well as insights on how enterprises can protect the privacy of their employees, customers, and business partners.
Two-step verification system has no provision for backup access or lost phones, doesn't address public username problem.
Mikko Hypponen reflects on shift toward rampant government spying and use of malware -- and targeted attack attempts on F-Secure.
Spying revelations and document leaks a big theme at RSA Conference 2014, but views on the controversy are split.
RSA chairman calls for global intelligence community reforms, spinning IAD off from NSA.
Several leading security experts have pulled out of the RSA conference over unanswered questions concerning the NSA's $10 million payment to RSA.
Dark Mail Alliance aims to create open-source email protocol and architecture for the industry in wake of NSA spying revelations.
- NSA Reportedly Taps Google, Yahoo Data Centers
- Browser Fingerprinting: 9 Facts
- WhiteHat Security Releases Web Browser To Fight Off Ads, Tracking
- Security Experts: Expect U.S. Cyberoffensive Efforts To Grow
- NSA Responds To Criticism Over Surveillance Programs
By The Numbers
Healthcare Records At Risk
Health plans are the most breached healthcare organizations, losing some 10.32 million patient records in the past year.
Source: HITRUST LLC
Around the Web
- HHS Inspector General: Obamacare Privacy Protections Way Behind Schedule; Rampant Violations Of Law Possible
- California Gives Teens A Do-Over
- The Enemy Of Risk Management Starts With A C (And It's Not China)
Dark Reading Digital Magazine
Quick Wins For Strengthening SMB Security
Time To Set Up That Honeypot
Securing Cisco IP Telephony
Attribution Is Much More Than A Source IP
New CA Group Has Big Names, Small Impact
How To Build An IT Security Budget
5 Approaches To Decaffeinating Java Exploits
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/.
SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application.
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.