Upcoming Webinars
Webinar Archives
7 Diagrams Every Software Professional Should Understand
Date: Oct 21, 2014
View webinar
You?ll deepen your understanding as Steve tackles the seven essential diagrams ? the key to developing sound software engineering judgment. Learn what really affects software projects ? and never be surprised again.

Accelerate and Simplify with Dell server Innovations featuring Intel® Xeon® processor technology
Date: Oct 21, 2014
View webinar
Register for this webinar to understand the advantages of the latest Intel® Xeon® processor technology that drives the performance of your environment, and Dell server innovation and services that drive application performance to new levels, reduce management complexity and take the risk out of migrating siloed RISC and UNIX systems into open X86 technologies.

DevOps for Financial Services: 8 Best Practices
Date: Aug 10, 2014
View webinar
Register for this webinar to hear Kurt Bittner, Forrester Principal Analyst for Application Development & Delivery, talk about the increasing adoption and significant benefits of DevOps for Financial Services organizations and other fast-paced industries.

Employee Enablement Infrastructure Strategies
Date: Aug 10, 2014
View webinar
This is the third of three Information Week Webinars in a series entitled ?Mobilizing the New Millennial Workforce?, where we will bring together industry analysts and experts to share their unique perspectives on enterprise mobility, collaboration, unified communications, mobile applications, device management, mobile security and cloud-aware networks. In the era of Bring Your Own Device (BYOD), securing and managing your data housed on personal mobile devices is essential but it doesn't need to be difficult.

The Future of FedRAMP
Date: Jul 10, 2014
View webinar
This webinar will look at what agencies and service providers can expect from FedRAMP going forward.

The cost of inaction?what cyber crime could cost your business
Date: Jul 10, 2014
View webinar
The average company in the United States loses $12.7 million annually to cyber crime. Other countries are close behind. These are results from the recently completed Ponemon Institute 2014 Cost of Cyber Crime study.

Big Data 105: Leveraging Big Data Streams for Advanced Analytics
Date: Mar 10, 2014
View webinar
The most successful and innovative data-driven enterprises are augmenting their own information stores with public and proprietary feeds from social media, marketing firms, government agencies, and more.

Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2014-2640
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-2641
Published: 2014-10-01
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.