Tech Center Privacy
Dark Reading's Privacy Tech Center offers the latest news and information on issues surrounding user privacy and identity protection. Written for security and IT professionals, the Privacy Tech Center is designed to provide details on technologies, threats, and legislation surrounding data privacy, as well as insights on how enterprises can protect the privacy of their employees, customers, and business partners.
Featured Commentary
- Big Data Makes A Big Target
  By Tim Wilson
  LivingSocial.com is another in a long line of "big scores" for data attackers.
News
- Twitter Adds SMS As Second Factor Of Authentication
  Phone will be second means of verifying user identity, Twitter says
- Startup Gets $7.5 Million For Cloud Content Privacy Tech
  Funding was led by Handbag, LLC
- Biometrics Firm CIC Secures Funding
  Additional funding comes from a number of Phoenix Group affiliates and other investors
- PCI Security Standards Council Names New Board Of Advisors
  Members provide strategic and technical input to PCI SSC on specific areas of Council focus
- EarthLink Launches PCI Compliance Solutions For Retailers
  Solution features Approved Scan Vendor (ASV) vulnerability scans
More Stories
- Google's New Privacy Policy Display Violates California Privacy Protection Law, Is "Deceptive," Consumer Watchdog Tells Attorney General
- Consumer Reports: 58 Million U.S. PCs Infected With Malware
- BT Expands Cloud Compute Services Across Four Continents
- LivingSocial Says Cyberattack Puts Data Of 50 Million Customers At Risk
- Crocus Releases The Prototype Secure Authentication Engine
By The Numbers
Healthcare Records At Risk
Health plans are the most breached healthcare organizations, losing some 10.32 million patient records in the past year.

Source: HITRUST LLC
Commentary
- Big Data Makes A Big Target
  By Tim Wilson
  LivingSocial.com is another in a long line of "big scores" for data attackers
- ACLU Issues Wake-Up Call To Android Service Providers
  By Tim Wilson
  In complaint to FTC, civil liberties organization accuses AT&T, Verizon, Sprint, and T-Mobile of "unfair and deceptive business practices"
- Evernote Resets Everyone's Passwords After Intrusion
  By Larry Seltzer
  After detecting a coordinated intrusion into their network, Evernote forced a system-wide password reset today. The attackers were able to access Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords.
- The Road To Hell Is Authenticated By Facebook
  OAuth allows us to log into many sites using familiar credentials, from Twitter, Facebook, Google or Microsoft. The main author of the original OAuth 1.0 spec says these giants took it and made OAuth 2.0 a monstrous, complex, and insecure mess that has already brought us significant vulnerabilities.
Free Research and Reports
Whitepapers
- HP Newsletter with Gartner Research: Maximizing Your Infrastructure through Virtualization
- Understanding Holistic Database Security 8 Steps to Successfully Securing Enterprise Data Sources
- Application Testing Strategies in the IBM z/OS Environment
- Virtualizing Disaster Recovery Using Cloud Computing
- Preventing Security Risks in Real Time
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2012-4697
TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session.
CVE-2011-4520
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4519
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4518
Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2012-6563
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.


