Upcoming Webinars
Webinar Archives
App Developer Conference @ GDC Next
Date: Nov 04, 2014
View webinar


iBeacons, BLE beacons and Everything in Between: Unpacking Proximity Sensing Technology @ Black Hat Europe
Date: Nov 04, 2014
View webinar


Mobile Conversion is Broken: How To Fix It with Smart Mobile Design @ App Developers Conference
Date: Nov 04, 2014
View webinar


Simplified IT 101: Efficient Enterprise Storage for Lower TCO
Date: Nov 03, 2014
View webinar
Improve storage efficiency and you benefit many areas of the data center, from performance speed to space and energy costs. Of course, storage characteristics, such as capacity allocation and utilization, data protection, and level of management, affect efficiency, especially with heavy use of server virtualization. Our instructor will explain how to evaluate the efficiency of your storage systems and suggest management tools that can help IT gain visibility and lower TCO.

eSecurity 105:Monitoring Threats and Measuring Risk
Date: Oct 31, 2014
View webinar
Once an online business has shored up its defenses against new threats, it must develop an ongoing program for monitoring its systems for potential compromises - and measuring the risk faced by the business. In this session, we offer tips for building systems and processes for tracking threat and fraud indicators, and for creating real metrics for benchmarking the current threat environment.

eSecurity 104: Understanding Retail Threats and Fraud
Date: Oct 30, 2014
View webinar
To develop an effective defense against online threats, an e-commerce company must understand its attackers and their methods. In this session, we outline the various types of attackers who target online commerce, including those who prey on the corporate website and those who prey upon the customers themselves.

eSecurity 103: Protecting Performance from Traffic Spikes
Date: Oct 29, 2014
View webinar
One of the great ironies of e-commerce is that online system security is usually at its weakest during the most critical time periods, such as the holiday shopping season. In this session, we provide counsel on the preventative and the operative measures that can be taken when traffic is at its highest - and system and human resources are stretched to the maximum.

Simplified IT 105: Making the Most Of the Cloud
Date: Oct 28, 2014
View webinar
Most midmarket businesses recognize that cloud services will be part of their IT portfolios. However, how do you decide which services are best run in IaaS, SaaS, and/or PaaS versus kept on internal systems? The decision points involve efficiency, agility, and TCO. Our instructor will help develop a decision matrix that can be applied to new and existing IT services.

eSecurity 102: Protecting Back-End Systems
Date: Oct 28, 2014
View webinar
Most attacks on retail and e-commerce websites are conducted by cyber criminals who want to steal large databases of personal information and credentials. In this session, we offer a closer look at the methods used to penetrate a retailer's back-end systems - including targeted attacks on databases, DDoS "smokescreens" used to obfuscate more sophisticated exploits -- and other surprises that can happen during a DDoS attack.

Simplified IT 104: Reduce Your IT Footprint
Date: Oct 27, 2014
View webinar
There are worse growth mottos for midsize companies than: "Avoid IT Sprawl." The goal is a fully optimized infrastructure, with converged storage and LAN traffic and aggressive control over adoption of new applications. Our instructor will explain how to achieve maximum efficiency via advancements in servers, storage, networking, and data center management that are allowing IT to cut back on power, space, staffing, and complexity.

eSecurity 101: Protecting the Customer-Facing Website
Date: Oct 27, 2014
View webinar
One of the greatest challenges in e-commerce is to build a website that is extremely easy for customers to access and use - but extremely difficult for online criminals to attack. In this session, we offer an overview of defenses against Internet-based threats - including DDoS attacks, DNS exploits, and cross-site scripting - to help enterprises steel their sites against potential compromise.

Simplified IT 103: Adapt Your Infrastructure to Learn From Your Data
Date: Oct 23, 2014
View webinar
The size of some midmarket companies' data stores might surprise you. On the bright side, it's easier to build from the start following best practices in platform selection and managing volume, velocity, and variety than to go back and retrofit, as many enterprises are now finding. And, actionable business information may be more easily shared among tightly focused teams.

Simplified IT 102: Squeeze the Most Out of Virtualization
Date: Oct 22, 2014
View webinar
A heavily virtualized data center is an efficient data center. Our instructor will explain how to evaluate your current server and virtual machine utilization and workload management strategy and outline strategies for increasing density. We'll also look at what's next -- namely containerization, driven by interest in PaaS, DevOps, and scale-out applications -- and explain where it is and is not a fit.

Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2413
Published: 2014-10-20
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.

CVE-2012-5244
Published: 2014-10-20
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to...

CVE-2012-5694
Published: 2014-10-20
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.p...

CVE-2012-5695
Published: 2014-10-20
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS m...

CVE-2012-5696
Published: 2014-10-20
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.