Scammers Exploiting Bogus DigiNotar SSL Certificates

September 20, 2011 Added by:Headlines

Security provider Barracuda Networks has warned of a spamming campaign targeting Royal Bank of Canada customers. The spam messages falsely notify users that their SSL certificate has expired, and that in order to continue using online banking services they are required to update the certificate...

Comments  (0)


DigiNotar Banned from Issuing New Digital Certificates

September 16, 2011 Added by:Headlines

"An unauthorized third party (hacker) has been active on the CA server that is used for issuing qualified certificates... The integrity of the data on the [DigiNotar] server that is used for production and issuance of qualified certificates is therefore impossible to guarantee..."

Comments  (0)


Why Encryption Alone Isn’t Enough

September 16, 2011 Added by:Emmett Jorgensen

There are variables at work that often require security measures above and beyond encryption. The confidentiality of the data you are working with, state, federal and industry regulations, user habits, platforms and more all factor into the security measures needed to safeguard your data...

Comments  (0)


Customize Your Flash Drive – Infosec Style

September 12, 2011 Added by:Kanguru Solutions

Every organization has different needs. What works for one may not work for another. Size, budget, personnel, and structure all play a factor in determining what an organization will do in terms of IT security. There generally is no “one size fits all” solution when it comes to Infosec...

Comments  (0)


Security: What Was Old is New Again

September 06, 2011 Added by:Craig S Wright

So, when all is said and done, we have not really changed much as a species. We love to believe that we as a generation are forging something new and facing problems that no other has faced before, but in reality, the analogy remains as it is always likely to remain. Change is the only constant...

Comments  (0)


Securing Web Servers with SSL

August 31, 2011 Added by:Danny Lieberman

So where does SSL fit in? Well, we know that the vulnerabilities for a PHI data breach can not only happen inside any layer but in particular there are vulnerabilities in the system interfaces between layers. That means between server layers and client-server interfaces...

Comments  (0)


Cryptography for Emerging Technologies and Applications

August 23, 2011 Added by:Headlines

The National Institute of Standards and Technology (NIST) is hosting a workshop on Cryptography for Emerging Technologies and Applications that is intended to identify the cryptographic requirements for emerging technologies and applications...

Comments  (0)


End-to-End Encryption – The Rest Of The Story

August 10, 2011 Added by:PCI Guru

If you discuss E2EE with any merchant, most see it as this panacea, something that will get them out of the PCI compliance game altogether. However, nothing could be further from the truth. If anything, E2EE may make PCI compliance even more daunting than it is today...

Comments  (0)


Quiet Please - H4xing in Progress

August 10, 2011 Added by:David Martinez

I used this script from the BT5 How-To page, which grabs packets, redirects them through sslstrip, prints the info to my machine, and sends it to the end-user with a spoofed source. Within 30 minutes, I had at least 5 different passwords for FB, Twitter, G-mail, and others...

Comments  (0)


Encrypting the Web with HTTPS Everywhere

August 08, 2011 Added by:Headlines

"Your online reading habits and activities are vulnerable to eavesdropping, and your accounts are vulnerable to hijacking... Electronic Frontier Foundation created HTTPS Everywhere to make it easier for people to keep their user names, passwords, and browsing histories secure and private..."

Comments  (0)


Researchers Break Military Chip Encryption Keys

August 04, 2011 Added by:Dan Dieterle

In the attack, power use is monitored during the power up sequence of the chip. As it is powered up, the chip accesses a key used to decrypt the configuration data file and data stream. By analyzing the power used, the team was able to decrypt the key...

Comments  (0)


Where is the Focus on Randomness in Cryptography?

June 27, 2011 Added by:Emmett Jorgensen

The risk in using an RNG that is not truly random stems from the ability of an attacker analyzing the encrypted data and potentially discovering patterns to the encryption. This could allow some type of reverse engineering of the encrypted data or keys...

Comments  (2)


Webcast: The State of SSL on the Internet

June 20, 2011 Added by:Sasha Nunke

The SSL (TLS) protocol is the security backbone of the Internet, but surprisingly little is known about how it is deployed. This session will present the results of the first publicly available survey aimed at assessing the state of SSL. It will also provide documentation and free tools...

Comments  (0)


FIPS 140-2: Just Buzzword Bingo?

June 15, 2011 Added by:Jonathan Lampe

If your IT department intersects with the finance, health care, government or energy sectors, or is subject to regulations such as PCI-DSS, then you should be using FIPS 140-2 validated cryptography now to protect data-in-transit and data-at-rest...

Comments  (4)


X.509 Certificates vs. Webs Of Trust (e.g., PGP, SSH)

June 07, 2011 Added by:Jonathan Lampe

My belief is that WOT is fading, not just because PGP Corp was acquired, but also because PGP Corp itself was making or had made several technology decisions to integrate X.509 into PGP encryption and signing processes and even to act as an X.509 certificate authority...

Comments  (2)


Could the IT Staff Hold Your Company Hostage?

May 24, 2011 Added by:Headlines

Report: "A significant number of IT staff could cause chaos for their organizations with their knowledge of and access to digital certificates and encryption keys due to lack of management controls and no separation of duties..."

Comments  (0)

Page « < 6 - 7 - 8 - 9 - 10 > »