General

69dafe8b58066478aea48f3d0f384820

Scammers Exploiting Bogus DigiNotar SSL Certificates

September 20, 2011 Added by:Headlines

Security provider Barracuda Networks has warned of a spamming campaign targeting Royal Bank of Canada customers. The spam messages falsely notify users that their SSL certificate has expired, and that in order to continue using online banking services they are required to update the certificate...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

DigiNotar Banned from Issuing New Digital Certificates

September 16, 2011 Added by:Headlines

"An unauthorized third party (hacker) has been active on the CA server that is used for issuing qualified certificates... The integrity of the data on the [DigiNotar] server that is used for production and issuance of qualified certificates is therefore impossible to guarantee..."

Comments  (0)

8c4834b99847b9f7c9ee94b45df086f9

Why Encryption Alone Isn’t Enough

September 16, 2011 Added by:Emmett Jorgensen

There are variables at work that often require security measures above and beyond encryption. The confidentiality of the data you are working with, state, federal and industry regulations, user habits, platforms and more all factor into the security measures needed to safeguard your data...

Comments  (0)

34f0cf280cbc950bcb75cabd189b7a8d

Customize Your Flash Drive – Infosec Style

September 12, 2011 Added by:Kanguru Solutions

Every organization has different needs. What works for one may not work for another. Size, budget, personnel, and structure all play a factor in determining what an organization will do in terms of IT security. There generally is no “one size fits all” solution when it comes to Infosec...

Comments  (0)

8b5e0b54dfecaa052afa016cd32b9837

Security: What Was Old is New Again

September 06, 2011 Added by:Craig S Wright

So, when all is said and done, we have not really changed much as a species. We love to believe that we as a generation are forging something new and facing problems that no other has faced before, but in reality, the analogy remains as it is always likely to remain. Change is the only constant...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Securing Web Servers with SSL

August 31, 2011 Added by:Danny Lieberman

So where does SSL fit in? Well, we know that the vulnerabilities for a PHI data breach can not only happen inside any layer but in particular there are vulnerabilities in the system interfaces between layers. That means between server layers and client-server interfaces...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Cryptography for Emerging Technologies and Applications

August 23, 2011 Added by:Headlines

The National Institute of Standards and Technology (NIST) is hosting a workshop on Cryptography for Emerging Technologies and Applications that is intended to identify the cryptographic requirements for emerging technologies and applications...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

End-to-End Encryption – The Rest Of The Story

August 10, 2011 Added by:PCI Guru

If you discuss E2EE with any merchant, most see it as this panacea, something that will get them out of the PCI compliance game altogether. However, nothing could be further from the truth. If anything, E2EE may make PCI compliance even more daunting than it is today...

Comments  (0)

3ebd200287a032cf6d13d6b75a570c94

Quiet Please - H4xing in Progress

August 10, 2011 Added by:David Martinez

I used this script from the BT5 How-To page, which grabs packets, redirects them through sslstrip, prints the info to my machine, and sends it to the end-user with a spoofed source. Within 30 minutes, I had at least 5 different passwords for FB, Twitter, G-mail, and others...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Encrypting the Web with HTTPS Everywhere

August 08, 2011 Added by:Headlines

"Your online reading habits and activities are vulnerable to eavesdropping, and your accounts are vulnerable to hijacking... Electronic Frontier Foundation created HTTPS Everywhere to make it easier for people to keep their user names, passwords, and browsing histories secure and private..."

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Researchers Break Military Chip Encryption Keys

August 04, 2011 Added by:Dan Dieterle

In the attack, power use is monitored during the power up sequence of the chip. As it is powered up, the chip accesses a key used to decrypt the configuration data file and data stream. By analyzing the power used, the team was able to decrypt the key...

Comments  (0)

8c4834b99847b9f7c9ee94b45df086f9

Where is the Focus on Randomness in Cryptography?

June 27, 2011 Added by:Emmett Jorgensen

The risk in using an RNG that is not truly random stems from the ability of an attacker analyzing the encrypted data and potentially discovering patterns to the encryption. This could allow some type of reverse engineering of the encrypted data or keys...

Comments  (2)

6429389c5e8a4c9555be876f8484331a

Webcast: The State of SSL on the Internet

June 20, 2011 Added by:Sasha Nunke

The SSL (TLS) protocol is the security backbone of the Internet, but surprisingly little is known about how it is deployed. This session will present the results of the first publicly available survey aimed at assessing the state of SSL. It will also provide documentation and free tools...

Comments  (0)

85612d572d689128ab07f369ff934d02

FIPS 140-2: Just Buzzword Bingo?

June 15, 2011 Added by:Jonathan Lampe

If your IT department intersects with the finance, health care, government or energy sectors, or is subject to regulations such as PCI-DSS, then you should be using FIPS 140-2 validated cryptography now to protect data-in-transit and data-at-rest...

Comments  (4)

85612d572d689128ab07f369ff934d02

X.509 Certificates vs. Webs Of Trust (e.g., PGP, SSH)

June 07, 2011 Added by:Jonathan Lampe

My belief is that WOT is fading, not just because PGP Corp was acquired, but also because PGP Corp itself was making or had made several technology decisions to integrate X.509 into PGP encryption and signing processes and even to act as an X.509 certificate authority...

Comments  (2)

69dafe8b58066478aea48f3d0f384820

Could the IT Staff Hold Your Company Hostage?

May 24, 2011 Added by:Headlines

Report: "A significant number of IT staff could cause chaos for their organizations with their knowledge of and access to digital certificates and encryption keys due to lack of management controls and no separation of duties..."

Comments  (0)

Page « < 6 - 7 - 8 - 9 - 10 > »