Upcoming Webinars
Webinar Archives
Accelerate and Simplify with Dell server Innovations featuring Intel® Xeon® processor technology
Date: Oct 21, 2014
View webinar
Register for this webinar to understand the advantages of the latest Intel® Xeon® processor technology that drives the performance of your environment, and Dell server innovation and services that drive application performance to new levels, reduce management complexity and take the risk out of migrating siloed RISC and UNIX systems into open X86 technologies.

7 Diagrams Every Software Professional Should Understand
Date: Oct 21, 2014
View webinar
You?ll deepen your understanding as Steve tackles the seven essential diagrams ? the key to developing sound software engineering judgment. Learn what really affects software projects ? and never be surprised again.

DevOps for Financial Services: 8 Best Practices
Date: Aug 10, 2014
View webinar
Register for this webinar to hear Kurt Bittner, Forrester Principal Analyst for Application Development & Delivery, talk about the increasing adoption and significant benefits of DevOps for Financial Services organizations and other fast-paced industries.

Employee Enablement Infrastructure Strategies
Date: Aug 10, 2014
View webinar
This is the third of three Information Week Webinars in a series entitled ?Mobilizing the New Millennial Workforce?, where we will bring together industry analysts and experts to share their unique perspectives on enterprise mobility, collaboration, unified communications, mobile applications, device management, mobile security and cloud-aware networks. In the era of Bring Your Own Device (BYOD), securing and managing your data housed on personal mobile devices is essential but it doesn't need to be difficult.

The Future of FedRAMP
Date: Jul 10, 2014
View webinar
This webinar will look at what agencies and service providers can expect from FedRAMP going forward.

The cost of inaction?what cyber crime could cost your business
Date: Jul 10, 2014
View webinar
The average company in the United States loses $12.7 million annually to cyber crime. Other countries are close behind. These are results from the recently completed Ponemon Institute 2014 Cost of Cyber Crime study.

Big Data 105: Leveraging Big Data Streams for Advanced Analytics
Date: Mar 10, 2014
View webinar
The most successful and innovative data-driven enterprises are augmenting their own information stores with public and proprietary feeds from social media, marketing firms, government agencies, and more.

Unleashing the Power of Real-Time Data in Insurance Marketing
Date: Feb 10, 2014
View webinar
Insurance is a highly competitive industry with immense advertising and marketing spend. But that doesn't mean that all marketing dollars are spent equally.

Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

CVE-2012-5487
Published: 2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

CVE-2012-5488
Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVE-2012-5489
Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.