Commentary

Content posted in January 2014
Super Bowl Tech: A Supersized Role For Security
Commentary  |  1/31/2014  | 
The cold weather has been the strongest story line throughout the entire NFL season. Sundays game will be no exception -- behind the scenes and on the field.
Finding The Balance Between Compliance & Security
Commentary  |  1/30/2014  | 
IT departments can reduce security risks by combining the flexibility of ISO 27000 with the stringent requirements of PCI. Heres how.
Red Or Blue, I'm Usually The Only Woman On The Team
Commentary  |  1/30/2014  | 
Women are still few and far between in the cybersecurity field
For SMBs: How To Implement PCI DSS 3
Commentary  |  1/29/2014  | 
How PCI DSS v3.0 requirements affect the management of service providers for SMBs
The Scariest End-User Security Question: What Changed?
Commentary  |  1/29/2014  | 
Hitting employees over the head with fear, uncertainty, and doubt does little to help protect them from security threats. Is multi-factor authentication "by force" a better approach?
Data Security: 4 Questions For Road Warriors
Commentary  |  1/28/2014  | 
Traveling with electronic gear containing sensitive data carries a greater security risk today than ever before.
Target Breach: Why Smartcards Wont Stop Hackers
Commentary  |  1/24/2014  | 
"Chip and PIN" smartcard adoption in the United States is long overdue. But the security improvement wouldn't have stopped Targets BlackPOS malware attackers.
Future Shock: The Internet of Compromised Things
Commentary  |  1/23/2014  | 
Its doubtful that the average consumer would be aware that his or her refrigerator was participating in a DDoS attack. Even fewer would have any idea how to stop it.
Target Mocks, Not Helps, Its Data Breach Victims
Commentary  |  1/22/2014  | 
The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
Target Breach: 5 Unanswered Security Questions
Commentary  |  1/22/2014  | 
Investigators have yet to explain how Target was hacked, whether BlackPOS malware infected its payment servers, and whether the same gang also struck other retailers.
HIPAA, SOX & PCI: The Coming Compliance Crisis In IT Security
Commentary  |  1/21/2014  | 
New mandates around datacenter virtualization, enterprise apps, and BYOD will stretch IT security staffs and budgets to the max in 2014.
What Would Judge Leon Say About The 'Big 8'?
Commentary  |  1/21/2014  | 
Why Apple, Facebook, Google, Microsoft, Twitter, and others' open letter against NSA spying practices rings of hypocrisy
Malware: More Hype Than Reality
Commentary  |  1/17/2014  | 
Sure, malware exists, but is it really as bad as the news suggests?
What Healthcare Can Teach Us About App Security
Commentary  |  1/15/2014  | 
The Centers for Disease Control protects people from health threats and increases the health security of our nation. Its a mission thats not so different from InfoSec.
Why IT Security RFPs Are Like Junk Food
Commentary  |  1/13/2014  | 
Buying the latest security technology won't save you if your company isn't carrying out basic health checks.
NSA Fallout: Why Foreign Firms Wont Buy American Tech
Commentary  |  1/10/2014  | 
Mounting evidence points to billions of dollars in lost US business thanks to the NSA's collect-everything mindset.
Cloud Gazing: 3 Security Trends To Watch
Commentary  |  1/9/2014  | 
The ultimate success of cloud computing depends on the security solutions we wrap around it.
Why I Pulled Out Of The RSA Conference
Commentary  |  1/8/2014  | 
Dave Kearns can't abide RSA's reported dealings with the NSA or its suspect security practices.
How Cloud Security Drives Business Agility
Commentary  |  1/7/2014  | 
Cloud computing represents a unique opportunity to re-think enterprise security and risk management.
Name That Toon: Contest Winners Named
Commentary  |  1/6/2014  | 
We enjoyed all the laughs on the road to choosing the winner of our first cartoon caption contest. Check out the funniest entries.
3 Themes For Implementing PCI DSS 3.0 For SMBs
Commentary  |  1/6/2014  | 
How the new PCI DSS v3.0 requirements affect the scope of cardholder data systems
Physical & Network Security: Better Together In 2014
Commentary  |  1/2/2014  | 
How ready are you for the day you discover there are more networked IP security cameras than laptops in your infrastructure – and none adheres to 802.1x standards?


New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...
CVE-2018-16515
PUBLISHED: 2018-09-18
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVE-2018-16794
PUBLISHED: 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.