Encryption
Do You Have a Vendor Security Check List? You Should!
May 09, 2013 Added by:Michael Fornal
A security check list is a list of security controls that a vendor or application must meet. These controls can range from how storage back up is to be done, to password complexity requirements. Having a checklist can help you in deciding if the application or vendor conforms to your company’s security requirements.
Comments (0)
Protect Data Not Devices?
April 05, 2013 Added by:Simon Moffatt
As the devices becomes smarter, greater emphasis is placed on the data and services those devices access. Smartphones today come with a healthy array of encryption features, remote backup, remote data syncing for things like contacts, pictures and music, as well device syncing software like Dropbox. How much data is actually specifically related to the device?
Comments (0)
SSL Wars – Little New Hope
March 28, 2013 Added by:Gary McCully
I thought it was time to write an update regarding the current state of websites that are using SSL/TLS to protect their web applications. Sadly, the current state of SSL/TLS is pretty pathetic. As of March 19, 2013 the SSL Pulse Project reported that many of the most popular sites on the Internet are still struggling with correctly implementing SSL!
Comments (0)
Burdens of Proof: Cryptographic Culture & Evidence Law in the Age of Electronic Documents
February 19, 2013 Added by:Ben Rothke
When the IBM PC first came out 31 years ago, it supported a maximum of 256KB RAM. You can buy an equivalent computer today with substantially more CPU power at a fraction of the price. But in those 31 years, the information security functionality in which the PC operates has not progressed accordingly.
Comments (0)
Refresher Series - Capturing and cracking SMB hashes with Cain and Half-LM rainbow tables.
December 20, 2012 Added by:f8lerror
On to the fun stuff, to capture a hash we want to use the Metasploit capture SMB auxiliary module, which is located in auxiliary/server/capture/smb. Leave the default settings with the exception of the CAINPWFILE. Set this to output the file where ever you like...
Comments (0)
All Aboard
December 17, 2012 Added by:Randall Frietzsche
We need a well-conceived set of administrative and technical controls - our policy, while still acknowledging that every living creature on the planet is organically attached to a smart device, must dictate that the user will follow the policy at risk of termination...
Comments (0)
Fraud Files: When Tax Fraud Won’t Go Away
December 11, 2012 Added by:Kelly Colgan
Though it could create procedural challenges for the IRS and the U.S. Postal Service, Congress could solve the problem by simply refusing to issue refunds before April 15. That way they could see who has duplicate returns filed, and investigate before signing over checks to the bad guys...
Comments (0)
Why I'm Upset About the S.C. Department of Revenue Breach
December 04, 2012 Added by:Kelly Colgan
I’m a South Carolina taxpayer, and therefore, a potential victim of the massive South Carolina Department of Revenue Breach. I work in the identity theft and data risk industry, so when I heard about how everything was being handled and what was being offered, I was upset...
Comments (2)
Money Laundering Scenes In -The Digital World
November 20, 2012 Added by:gaToMaLo r. amores
By denying terrorist and criminals groups access to their money, authorities can stop them buying munitions and paying for suicide bombers. This approach has been highly successful in identifying and dismantling terrorist networks. Now they need to adapt and learn how this new DC works because it cannot be stopped...
Comments (1)
Everyday Cryptography: Fundamental Principles and Applications
November 20, 2012 Added by:Ben Rothke
Key management is one of the most important aspects of cryptography and often the most difficult. Part of the difficulty around key management is at the user level, with key updates, passphrase management and more. Ultimately, effective key management is essential to the underlying security of the cryptosystem...
Comments (0)
E-mailing Passwords - Practice What You Preach
November 19, 2012 Added by:Bill Mathews
That’s right, I got an email with my username and password listed right there. That probably doesn’t anger normal people (let alone drive them to write an article about it), but I have never been accused of being normal so I’m pretty annoyed. Here, in no particular order, are my reasons for the anger and frustration...
Comments (6)
L’affaire du Petraeus: Electronic Communications (ELINT) and Your Privacy
November 14, 2012 Added by:Scot Terban
Sure, the schadenfreude is fun, and there are many gawkers and rubber necks out there watching with glee but in the end there is much more to this debacle. The bigger picture issues are multiple and, but to start lets just sit back and watch the calamitous demolition of those who partook and their hubris...
Comments (0)
Privacy in Ubuntu 12.10: Full Disk Encryption
November 12, 2012 Added by:Electronic Frontier Foundation
Full Disk Encryption (FDE) is one of the best ways you can ensure all of the private information on your laptop stays private in case it's lost, seized, stolen, or if you choose to sell or give away your computer in the future. This feature has been built-in to many GNU/Linux distributions, including Ubuntu...
Comments (1)
New technologies raise serious doubts on privacy and security
November 12, 2012 Added by:Pierluigi Paganini
The major concerns are related to the use of cameras of video devices such as PC, mobile devices and TVs to identify the user and verify its rights for vision and of course to determine his habits with the purpose to pack it for the best offer in terms of contents...
Comments (2)
Why traditional approaches for securing Industrial Control Systems Fail
November 09, 2012 Added by:Mikko Jakonen
Criminals or 'adversaries' do not care about your papers. Period. Only a skilled set of controls, wisdom, and discipline in management secures the environment. Attackers will utilize every means to gain access your beloved environment...
Comments (2)
HTTPS Everywhere 3.0 Protects 1,500 More Sites
October 31, 2012 Added by:Electronic Frontier Foundation
We released version 3.0 of HTTPS Everywhere, which adds encryption protection to 1,500 more websites, twice as many as previous stable releases. Our current estimate is that HTTPS Everywhere 3 should encrypt at least a hundred billion page views in the next year, and trillions of individual HTTP requests...
Comments (0)
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox