Tech Center Privacy
Dark Reading's Privacy Tech Center offers the latest news and information on issues surrounding user privacy and identity protection. Written for security and IT professionals, the Privacy Tech Center is designed to provide details on technologies, threats, and legislation surrounding data privacy, as well as insights on how enterprises can protect the privacy of their employees, customers, and business partners.
Two-step verification system has no provision for backup access or lost phones, doesn't address public username problem.
Dark Mail Alliance aims to create open-source email protocol and architecture for the industry in wake of NSA spying revelations
National Security Agency can intercept traffic from Google's and Yahoo's data centers outside the U.S., according to documents from Edward Snowden
Tracking technology that can identify individual identities and devices is improving faster than consumers might realize, warn privacy researchers
WhiteHat's Aviator browser promises better privacy online
New information shows the extent the U.S. may be playing both offense and defense in cyberspace
- NSA Responds To Criticism Over Surveillance Programs
- PCI DSS 3.0 Change Highlights
- Silent Circle, Lavabit End Secure Email Services Due To Surveillance Concerns
- NSA Director Faces Cybersecurity Community At Black Hat
- Reputation.com Acquires Online Platform MySocialCloud
By The Numbers
Healthcare Records At Risk
Health plans are the most breached healthcare organizations, losing some 10.32 million patient records in the past year.
Source: HITRUST LLC
Around the Web
- HHS Inspector General: Obamacare Privacy Protections Way Behind Schedule; Rampant Violations Of Law Possible
- California Gives Teens A Do-Over
- The Enemy Of Risk Management Starts With A C (And It's Not China)
Products & Releases
Free Research and Reports
Dark Reading Digital Magazine
Quick Wins For Strengthening SMB Security
Time To Set Up That Honeypot
Securing Cisco IP Telephony
Attribution Is Much More Than A Source IP
New CA Group Has Big Names, Small Impact
How To Build An IT Security Budget
5 Approaches To Decaffeinating Java Exploits
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name.
zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable.
LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field.
Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ directory.
yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.