News & Commentary

Agari's Email Trust Fabric finds fans at AOL, Google, Microsoft, and Yahoo. The goal: Stop spoofing of legitimate email domains.

Researchers Say Oracle Leaves Databases Needlessly Vulnerable

News | 11/30/2011 |

As SQL injection attacks and other advanced threats targeting database assets gain traction, researchers complain that Oracle's other application efforts are distracting the company from shoring up database security

U.S. Cyber Command Practices Defense In Mock Attack

News | 11/30/2011 |

300 participants squared off in a good guys versus bad guys exercise, to test protecting DOD networks from cyber attack.

Researcher: DEP Would Have Stopped Exploit Used In RSA Breach

News | 11/30/2011 |

Qualys research says EMC RSA phishing victims likely were running Windows XP

DAM Is Morphing

Commentary | 11/30/2011 |

DAM may not be DAM much longer.

Slide Show: Top 10 Holiday Phishing Scams

Slideshows | 11/30/2011 |

The following scams demonstrate the ways attackers are crafting their messages during the holidays

Anonymous Threatens Robin Hood Attacks Against Banks

News | 11/30/2011 |

2 comments

Hacktivist group says it will steal credit card data from commercial banks and use the information to donate to charities and protest groups.

Facebook's FTC Deal: 8 Things To Expect

News | 11/30/2011 |

Federal Trade Commission settlement allows Facebook to maintain some privacy policies, but also mandates key changes. Here's what users should know.

It's Time to Dump The 'Insider Threat'

Commentary | 11/30/2011 |

Blaming the "insider threat" merely hides your real security risks

Facebook Hit By Classic Worm Attack

Quick Hits | 11/29/2011 |

Zeus Trojan spreads when user views 'photos'; Facebook now blocking malicious domains spreading the attack

Analyzing Data To Pinpoint Rogue Insiders

News | 11/29/2011 |

Companies and universities look for specific algorithms that will help identify malicious insiders and compromised systems that are acting as insiders

Solutionary Secures Investment From Clearlake Capital

News | 11/29/2011 |

MSSP to focus new funding on growing sales, marketing, and global footprint

Facebook Settles FTC Charges, Admits Mistakes

News | 11/29/2011 |

CEO Mark Zuckerberg promises to make Facebook a privacy leader.

Ten Big Breaches In 2011

Slideshows | 11/29/2011 |

No one was immune: not social networks, not financial institutions, and not even security firms

Slide Show: The Year In Data Theft

News | 11/29/2011 |

From healthcare to game companies to trusted third-party security companies, a number of significant breaches were reported in 2011

Marriott Hacker's Blackmail Goal: An IT Job

News | 11/29/2011 |

Hungarian man threatened to expose confidential company information he'd stolen unless the hotel chain offered him a job.

Four SSL Certificate Management Tips For Holiday E-Commerce Success

News | 11/28/2011 |

Don't let CA compromises, expired SSL certificates break your Internet authentication processes

Hackers Behind AT&T Attack Arrested

News | 11/28/2011 |

Hackers linked to terrorist activities

More Than 13 Million Users' Data At Risk Following Hack Of Korean Gaming Firm

Quick Hits | 11/28/2011 |

Nexon says hack of popular game Maple Story included IDs and passwords, but no financial data

Sting Operation Snares Hacker Attempting To Blackmail Marriott For An IT Job

News | 11/28/2011 |

Hungarian man pleads guilty to stealing confidential financial and other information from Marriott, and then threatening to expose it if the hotel chain didn't offer him employment

Slide Show: 10 Tips And Best Practices For Becoming A Data Security Detective

Slideshows | 11/28/2011 |

Tips from security insiders on gathering and analyzing security intelligence and identifying new threats, as well as APT attacks

SSL's Future

Commentary | 11/28/2011 |

SSL will evolve to meet requirements for e-commerce and mobile

Penetration Tests: Not Getting 'In' Is An Option

Commentary | 11/28/2011 |

Pen testers must get beyond just breaking in, and clients need to understand how the tester's results map to business risk

AT&T Hackers Have Terrorism Ties, Police Say

News | 11/28/2011 |

FBI aids in arrests in Philippines of four men who allegedly hacked into AT&T customers' PBXs to generate revenue for Saudi-based militant group.

Partner Management: Assessing Compliance Capability And Willingness

Commentary | 11/27/2011 |

The first step is to determine the partner's understanding of its responsibility and ability to comply

Will Software Authentication Survive?

Commentary | 11/26/2011 |

Protecting secret keys or seeds in software without the risk of being stolen is crucial

Partner Management: Compliance Program Is Essential

Commentary | 11/26/2011 |

Understanding the risk associated with a partner relationship and managing it accordingly is key

Five Ways To Secure The Consumer IT Invasion At Work

News | 11/23/2011 |

Companies have had to deal with increasing amounts of worker-owned device in the networks

DHS, FBI Dispute Illinois Water Hack

News | 11/23/2011 |

Feds say their preliminary investigation finds no evidence of stolen credentials or foreign attackers.

RockYou Lawsuit Settlement Leaves Question Marks On Breach Liability

Quick Hits | 11/23/2011 |

Settlement is small, but legal experts say case might pave way for more lawsuits against breached companies

Embedding Digital Certificates In Hardware

Commentary | 11/23/2011 |

A natural evolution, but there are a few potential pitfalls to avoid

PCI Rules Apply Even On Black Friday

News | 11/23/2011 |

Uptime might be the name of the game during the holiday shopping season, but retailers need to balance the focus with security and compliance best practices

Mobile Device Management: What's Still Missing

Commentary | 11/23/2011 |

MDM can help extend IT management all the way to the new edge of the enterprise network. But it's only one part of the solution really needed to maximize enterprise mobility.

DHS, FBI: No Evidence Of Hacking At Water Utility

Quick Hits | 11/22/2011 |

No evidence of stolen credentials or malicious activity in Illinois water utility pump crash, feds say

Google Ratchets Up Security Of HTTPS

News | 11/22/2011 |

'Forward secret' HTTPS feature now protects Gmail, SSL Search, Google Docs, and Google+

Firms Slow To Secure Flaws In Embedded Devices

News | 11/22/2011 |

While operating systems and PC applications have evolved fast patch mechanisms, the proliferation of slow-to-patch embedded devices leaves companies vulnerable

Mobile Security Can Be A Major Pain

News | 11/22/2011 |

With healthcare practitioners increasingly relying on their mobile devices, a solid security is vital

APT Or Everyday Cybercrime? How To Tell

News | 11/22/2011 |

Of the many attacks corporate networks face daily, advanced persistent threats are the most serious. Consider these tips to tell which kind of attack you're facing and what to do about it.

Federal IT Security Spending Called 'Light'

News | 11/22/2011 |

Federal agencies have budgeted $6.5 billion for security in 2012, much less on a percentage basis than other businesses and industries, an IDC report says.

AT&T Discloses Hack Attempt On Customer Data

Quick Hits | 11/21/2011 |

'Organized and systemic' attack was designed to collect online account information, telecom giant says

Computer Crime Year In Review by Jennifer Granick

News | 11/21/2011 |

EFF's Civil Liberties Director, Jennifer Granick's Black Hat talk: Computer Crime Year in Review - MySpace, MBTA, Boston College and more. Granick discusses some special cases and the the application of legal statutes for them.

Fighting Russian Cybercrime Mobsters: by Dmitri Alperovitch and Keith Mularski

News | 11/21/2011 |

McAfee Threat Research VP Dmitri Alperovitch and FBI Supervisory Special Agent Keith Mularski discuss the evolution of Russian organized crime into the area of CyberCrime.

Lockpicking Forensics - Black Hat 2009

News | 11/21/2011 |

Destruction is still the most common way to break in somewhere. Datagram provides a talk on Lockpicking Forensics at Black Hat, covering how locks and picks work, various techniques, the affect of normal wear, lock and key analysis and investigation.

Hacking The Smart Grid - Black Hat 2009

News | 11/21/2011 |

FYRM Associates Principal Tony Flick presents research on hacking the smart grid. He talks about the components of the smart grid, the problems (both found and potential), and finally some solutions.

APT Or Not APT? Discovering Who Is Attacking The Network

News | 11/21/2011 |

Corporate networks face a variety of attacks every day, yet pinpointing the most serious attacks are no easy matter

Develop Secure Mobile Applications

News | 11/21/2011 |

We share best practices to create safe mobile apps for users and customers.

MANDIANT CSO Talks Threats To His Company and His Clients

News | 11/21/2011 |

Richard Bejtlich, CSO and VP of managed services, sits down with Dark Reading's Kelly Jackson Higgins at Black Hat USA to talk about the two hats he wears at the incident response company, and trends in attacks against enterprises and security firms.

New 'Anti-Social' Social Network Lets CSOs Share

News | 11/21/2011 |

Emerging online community for security executives to help one another better defend against attacks -- no vendors or consultants allowed

7 Facebook Security Problems Linger

News | 11/21/2011 |

Social networking giant might have fixed its porn problem, but it has plenty of other issues to reckon with, experts say.

Anatomy of a Zero Day Attack

News | 11/21/2011 |