Making Windows Secure From The Ground Up
Feb 16, 2012 | Microsoft's Steve Lipner, who was a major proponent of the need for a secure development methodology, talks about the successes of Microsoft's push -- and the costs
Flash Zero-Day Used In Targeted Email Attacks
Feb 16, 2012 | Rare universal XSS attack campaign aimed at taking over Webmail accounts
New Waledac Variant Goes Rogue
Feb 15, 2012 | Disabled spamming botnet creates new variant that steals user credentials
Bad Password Management Exposes Critical Databases
Feb 15, 2012 | Nortel breach shows how poor password management can give away keys to the kingdom
Public Key Used To Secure HTTPS Fails 'Sanity Check'
Feb 15, 2012 | Researchers find two out of every 1,000 public keys can be easily cracked
Product Watch: Startup Rolls Out New Approach To User Authentication
Feb 14, 2012 | WWPass offers single device that authenticates users to many systems; secure storage technology protects data by storing it in geographically distributed fragments
Secure Coding Practices Out The Window With Mobile Apps
Developers not applying secure development life cycle practices in mobile app production
Hopping Aboard The Mobile Payment Bandwagon? Bring A Helmet
Implementing mobile payment systems presents a high risk, high reward opportunity
When Good Apps Go Bad
Experts warn that many otherwise non-malicious mobile apps are trampling privacy with overgenerous device permissions
Avoid Putting IT In A GRC Vacuum
When infosec pros are asked to set security and compliance policies with no line-of-business input, problems are inevitable
Big Data Could Create Compliance Issues
The bigger data sets grow, the harder compliance could become
EU's More Stringent Data Privacy Proposal Poses Challenges For Businesses
Proposed changes to data privacy laws in Europe have garnered mixed praise
Ambient Cloud Reduces Costs, Boosts Security
Distributed -- or ambient -- cloud storage requires that users chip in by providing disk space and gives them equivalent space in the cloud. Can storing others' data locally be secure?
Tech Insight: Penetration-Testing Your Cloud Provider
Vulnerability assessments and penetration tests can be a great way to validate the security posture of these organizations
Cloud Means More Secure Remote Access
Connecting hosts running remote-access services directly to the Internet is so last decade. Instead, companies look to move to cloud-enabled services or virtual desktop infrastructure.
Citadel Malware Brings Service To Cybercrime
Using many of the hallmarks of open-source project management, the Citadel project looks likely to become a major botnet threat
Nortel Breach Gave Hackers Access For Years, Report Says
Hackers breached Nortel security and maintained access for years, reportedly making off with a treasure trove of corporate emails and documents
Five Tactical Security Metrics To Watch
Wondering how secure the corporate network is? Here are five operational security metrics that can help. First of a two-part series
Does SIEM Make Sense For Your Company?
Ten questions to ask before implementing SIEM technology -- and how to choose the right system for your enterprise
FBI Seeks 'Automated Search And Scrape' Of Social Networks
Agency issues RFI for technology to quickly find and surface 'events' via search of social networks, news sites
Another Hurdle For IPsec
Some organizations are taking a second look at IPsec for more security, but like SSL, it also relies on a flawed trust model
Researcher Cracks Google Wallet PIN
Fix for vulnerability could require banks to take over some of security responsibility
More Than Half Of Cyberattacks Come From Asia
DDoS attacks worldwide on the rise, report finds
Top 10 Security Mistakes SMBs Make
SMBs need to work on fundamental security errors to reduce risk of costly incidents
Half Of All The World's Spam Now Out Of Asia
New 'Dirty Dozen' spam report still has the U.S. as the number one spammer, but South Korea becoming a major producer as well
Nearly 80% Of All Bugs Are In Third-Party Apps
Secunia annual report says only 10 percent of bugs in 2011 were in Microsoft software
How (And Why) Attackers Choose Their Targets
To build a sure defense, you need to know what makes you a juicy target. Here are some tips
Most Small Healthcare Practices Hacked In The Past 12 Months
Nearly 30 percent say breaches resulted in medical identity theft, new Ponemon report finds
How To Defend Your Database From Malicious Insiders
The biggest threat to your sensitive information might be those who are authorized to access it. Here are some tips on how to defend your organization
StopTheHacker Launches
New Web security-as-a-service firm comes out of stealth mode with new funding and new services
Más DDoS: More Powerful, Complex, And Widespread
New DDoS reports highlight evolving M.O. of DDoS and DoS attacks and increased firepower
Gartner: Security Services Spending On Pace For Record Growth
Many enterprises looking to managed security services to save on operational costs, Gartner report says
Have Your Users' Passwords Already Been Hacked?
If employees use their same password at work and in their personal lives, another company's breach may weaken your own security. Five steps to mitigate the risk
How To Spot A Fake Facebook Profile
Barracuda Networks gathers telltale characteristics of the phony Facebook "Friend"
NSS Labs Moves To Subscription-Based Model
Trend Micro Releases HijackThis Source Code To sourceforge.net
AlgoSec Automates Management Of Next-Generation Network Security Infrastructure
Aberdeen Group Sees Classification As Key To Successful Data Loss Prevention
Layered Tech Becomes First Hosting And Cloud Provider To Offer Compliance Guarantee
Genetics Inspired Research Prevents Cyber Attacks
Trend Micro Reports Results For Q4 And Fiscal Year 201
Acunetix Web Rolls Out Vulnerability Scanner 8
PandaLabs Reports Presence Of New Powerful Bot Spread By Email
45% Of European IT Decision Makers View Security And SLAs As Leading Barriers To Cloud
THREAT POST
Anonymous Hacks FTC Consumer Protection Website To Protest ACTA
FEBRUARY 17, 2012 | Anonymous took credit for several FTC websites that were knocked offline today, in protest of the federal government's support of the Anti Counterfeiting Trade Agreement
BLOOMBERG
Napolitano Counters Industry On Cost Of Cybersecurity Bill
FEBRUARY 17, 2012 | Janet Napolitano, secretary of the Homeland Security Department, told a Senate panel this week that quick passage of cybersecurity legislation by the U.S. Senate is crucial in the face of Chamber of Commerce concerns about the bill putting regulatory burden on companies
CNET
Security Experts: Apple Did Mac OS X Gatekeeper Right
FEBRUARY 17, 2012 | Apple is getting kudos from security researchers for how Mac OS X Mountain Lion's new Gatekeeper feature lets users decide which apps they want to download while also protecting their security
WEBSENSE BLOG
Long Life To Kelihos!
FEBRUARY 17, 2012 | Websense describes a new variant of the Kelihos botnet malware, and looks at its command-and-control infrastructure and P2P network
THE WASHINGTON POST
Google Pulls Cookies That Tracked Users Through Safari
FEBRUARY 17, 2012 | Google has removed special code it had reportedly attached to users' cookies when they used Apple's Safari browser, code that allowed advertisers and Google to bypass Safari's ability to block third-party cookies
ARS TECHNICA
Is Megaupload "A Lot Less Guilty Than You Think?"
FEBRUARY 17, 2012 | Legal experts say Megaupload is likely in serious legal trouble, but Jennifer Granick, a Bay Area attorney blogging for Stanford's Center for Internet and Society, raises the distinction between civil and criminal law in the case
THREAT POST
Google Password Generator In The Works
FEBRUARY 17, 2012 | Google is building a tool to help users generate strong passwords for websites as an interim solution until the OpenID standard becomes widely deployed
THE GASTON GAZETTE
IRS: Beware Of Dirty Dozen Tax Scams
FEBRUARY 17, 2012 | The Internal Revenue Service has issued its annual "Dirty Dozen" tax scams list to warn taxpayers about scams and threats including identity theft and return preparer fraud
A look at the 25 most popular stories ever posted on the pages of Dark Reading.
Take The Value of Information Security Certifications Survey
Just what value information security certifications really provide the security professional is a widely debated topic. Information Security Leaders, an independent security career website, wants to hear from you, the information security pro, on whether these certifications are meaningless or valuable to your career. Take the anonymous survey on how security pros feel about this topic here. You can also receive the final results via email.
Free Vulnerability Management Trial
Qualys is offering a free 14-day trial of its vulnerability management solution, which helps enterprises identify, fix, and report on network security threats.
Free Security Tools from Sophos
Scan for security risks, threats, rootkits and unauthorized applications.
Info-Tech Research Group
A specialist in small and medium-sized businesses, Info-Tech offers a different perspective than research houses that focus on the Fortune 1000.
Evil Bytes
BY John H. Sawyer
Linux Live Environments: Cool Tools Even For Windows Folks
February 14, 2012
04:56 PM -- Preconfigured Linux environments provide powerful tools to aid in pen testing, mobile security testing, malware analysis, and forensics
SophosLabs Insights
BY Chester Wisniewski
Nortel Networks: Wolf In The Henhouse, Guard Dog Fast Asleep
February 17, 2012
09:09 AM -- Full disclosure risks premium sale price
In Search of Malware
BY Mary Landesman
Mass-Meshing A Gumblar Creation
June 30, 2011
04:52 PM -- Compromised and backdoored websites are frequently used interchangeably to act as conduit, redirector, and malware host.
Hacked Off
BY Mike Rothman
Looking Over The RIM And Into The Chasm
January 25, 2012
01:56 PM -- What security folks need to learn from RIM's rapid and accelerating downfall...
Security Views
BY Glenn S. Phillips
Being A Security Bully Does Not Make You Compliant
February 15, 2012
03:20 PM -- Compliance is not a tool for dodging work or dismissing business needs
Dark Dominion
BY Tim Wilson
Dark Reading Launches New Tech Center On Security And Compliance
August 15, 2011
12:01 AM -- New Dark Reading Compliance Tech Center will cover relationship between security initiatives and compliance initiatives
CS Island
BY Robert Richardson
The SpiderLabs Report
January 29, 2011 | 1 Comment
08:14 AM -- A look at the Trustwave Cyber Crime report
Featured Resources
Security Whitepapers

14th Annual CSI Survey: Security pros generally happy with products; not so much with awareness programs
Published:2010-11-03
Severity:High
Description:Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
Published:2010-11-03
Severity:High
Description:Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Published:2010-11-03
Severity:Medium
Description:Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Published:2010-11-03
Severity:High
Description:Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Published:2010-11-03
Severity:Medium
Description:SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.