Blog Posts Tagged with "Encryption"
Securing Your Company Against BYOD-Created Threats
May 14, 2012 Added by:Ashley Furness
The increasing emergence of Bring Your Own Device (BYOD) policies has both good and bad implications. Here are four strategies your company should implement to keep data secure while supporting employees' choice to use their own laptops, smartphones and tablets in the workplace...
Comments (2)
ICS-CERT: WellinTech KingSCADA Insecure Password Encryption
May 10, 2012 Added by:Infosec Island Admin
Researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an unsecure password encryption vulnerability in WellinTech KingSCADA application. When KingSCADA OPCServer and OPCClient are not on the same node, a remote attacker may obtain passwords to the system...
Comments (0)
Ninety Percent of HTTPS Websites Insecure
May 08, 2012 Added by:Dan Dieterle
Of the 200,000 HTTPS websites tested, only about 10% are properly secured. Changes need to be made to the secure online transaction system. Several of the issues have already been addressed, sadly it seems that the appropriate measures to secure SSL have just not been taken...
Comments (5)
Did Iran Recover Encrypted Data from Downed Stealth Drone?
May 02, 2012 Added by:Dan Dieterle
Iranian officials recently released claims that they have finished their reverse engineering of the downed US stealth drone and will begin to make a copy. The Iranians released information they say was encrypted flight and maintenance data from internal databases...
Comments (0)
Recovering Windows Passwords Remotely in Plain Text
April 26, 2012 Added by:Dan Dieterle
There has been a lot of buzz across the web the last few months about a program called “Mimikatz”. It is an interesting program that allows you to recover Windows passwords from a system in clear text. The passwords for anyone who has logged into a machine can be displayed...
Comments (0)
Protecting Data in Use
April 26, 2012 Added by:Simon Heron
The security of data in use is about risk mitigation. However, with the current targeted attacks and the proliferation of zero day threats, the risk level is high. It is necessary that action is taken to implement the required precautions that reduce the risk to an acceptable level...
Comments (0)
Disagreement on Password Vault Software Findings
April 12, 2012 Added by:Brent Huston
Recently, some researchers have been working on comparing password vault software products and have found some issues. However, many of the vendors are quickly moving to remediate the identified issues, many of which were simply improper use of proprietary cryptography schemes...
Comments (0)
Encryption: Myths and Must Knows
April 12, 2012 Added by:Rebecca Herold
Small to medium sized businesses have legal obligations to protect sensitive information, such as personally identifiable information. Here are some of the common long-held myths related to encryption misconceptions...
Comments (0)
When Will PCI SSC Stop the Mobile Payment Insanity?
April 11, 2012 Added by:PCI Guru
The merchant is left to their own devices to know whether any of these mobile payment processing solutions can be trusted. I am fearful that small merchants, who are the marketing target of these solutions, will be put out of business should the device somehow be compromised...
Comments (0)
The Growing Importance of Protecting Certificate Authorities
April 09, 2012 Added by:Rafal Los
We've seen a few of the largest CAs get compromised and fake certificates end up in the hands of nation-states which wanted to spy on their population. It goes without saying that there are likely more attacks that we've simply either not picked up or were unreported...
Comments (0)
Pump Up Your P@$$w0rd$
April 04, 2012 Added by:Kevin Doel
The idea is to choose phrase that you will be able to remember and a simple algorithm for converting it to a strong password. Even the best encryption systems are not going to protect your data if you use weak passwords and a hacker gains physical access to your mobile device...
Comments (2)
Vague Cybersecurity Legislation Threatens Civil Liberties
April 02, 2012 Added by:Electronic Frontier Foundation
Using cryptography to protect communications could be taken as a way to defeat an operational control. Measuring the performance of one's ISP or analyzing whether packets are being modified maliciously could all be seen as security threats under this definition...
Comments (1)
CISSP Reloaded Domain 4: Cryptography
March 29, 2012 Added by:Javvad Malik
Cryptography, the dark art of information security. The deus-ex-machina, the silver bullet, the be all and end all of all security measures, so profound cryptography was first classed as a munitions. Widely misunderstood, often poorly implemented...
Comments (1)
Shutting Front and Back Door Access to Your Mobile Devices
March 27, 2012 Added by:Kevin Doel
A lost or stolen phone constitutes a serious security threat to the information on the device because the attacker has unlimited time to gain access to the secrets that are stored therein. Important personal information should not be stored in any unsecured note application...
Comments (0)
Public Key Infrastructure 1998 – 2012
March 26, 2012 Added by:Ben Rothke
PKI was and still is a powerful set of technologies. But it was a solution far ahead of its time. It was doomed by a lack of standards, interoperability issues, deployment complexities, and a level of complication that confounded even technologically competent end-users...
Comments (1)
Fifteen Unsafe Security Practices that Lead to Data Breaches
March 22, 2012 Added by:Kelly Colgan
Database security is an essential element of overall security maturity at enterprise level. Underestimating its value and not dedicating sufficient attention to developing a comprehensive data security plan can, in many instances, lead to data compromise...
Comments (0)
- Follow Up to the Out of Band Authentication Post
- Skype Malware Campaign Spreading Poison Ivy Trojan
- I Hope Edo is Worth the Privacy Risk
- Dutch MoD Innovation Competition 2012: CYBER Operations 2.0
- NIST Workshop: The Technical Aspects of Botnets
- Security Automation by Hand - Batch/Bash/FOR
- Who Are You Preaching to Anyway?
- Some Observations on Klout Scores
- Where Will the Buck Stop in Cloud Security?
- How Does Your Bank Protect Your Data?