Blame the Silver Heads?

July 17, 2012 Added by:Ian Tibble

The idea that CEOs are responsible for all our problems is one of the sacred holy cows of the security industry. Security analysts, managers, self-proclaimed "Evangelists", "Subject Matter Experts", ad infinitum are responsible for the problems. Lets look at ourselves before blaming others...

Comments  (4)


NIST Recommendations for Cryptographic Key Management

July 17, 2012

Developers are presented with many choices in their use of cryptographic mechanisms. Inappropriate choices may result in an illusion of security, but little or no real security for the application. This Recommendation provides information and establishes frameworks to support appropriate decisions...

Comments  (0)


Insecure Cryptographic Storage Explained

July 12, 2012 Added by:Fergal Glynn

The impact of Insecure Cryptographic Storage flaws when exploited is usually quite high due to the fact that the information that is usually encrypted are important things like personally identifiable information, trade secrets, healthcare records, personal information and credit card numbers...

Comments  (0)


Yahoo!'s No Encryption Trumps LinkedIn's Unsalted Hash

July 12, 2012 Added by:Headlines

Just a month after LinkedIn experienced a significant security breach and caught flack for not "salting their hash", the revelation that the Yahoo! credentials were not even stored in an encrypted format should have everyone concerned about how seriously companies are taking the security of their users...

Comments  (0)


RSA: Claims of SecurID 800 Token Crack are Whack

June 27, 2012 Added by:Headlines

"RSA has received many inquiries, press pickups, blog entries, and tweets regarding an alleged crack by researchers of the RSA SecurID 800 authenticator... an alarming claim and should rightly concern customers who have deployed the RSA SecurID 800 authenticator. The only problem is that it’s not true..."

Comments  (0)


Researchers Crack RSA SecurID Tokens, Extract Keys

June 25, 2012 Added by:Headlines

"[These products are] designed specifically to deal with the case where somebody gets physical access to it or takes control of a computer that has access to it... Here, if the malware is very smart, it can actually extract the keys out of the token.That's why it's dangerous"...

Comments  (0)


If I Told You, I'd Have to Kill You

June 11, 2012 Added by:Ed Bellis

All of these breaches present a great opportunity to learn what does and doesn’t work in information security. But when we get responses like the one posted by Last.FM not only do we not learn anything, we don’t have any reason to believe they have either...

Comments  (0)


The Future of Algorithms

May 17, 2012 Added by:Bill Gerneglia

Algorithms have infiltrated every application and industry on the planet. They cover standard operational control methods such as linear programming, process control and optimization, simulation, queuing, critical path analysis, project management and quality control...

Comments  (0)


Securing Your Company Against BYOD-Created Threats

May 14, 2012 Added by:Ashley Furness

The increasing emergence of Bring Your Own Device (BYOD) policies has both good and bad implications. Here are four strategies your company should implement to keep data secure while supporting employees' choice to use their own laptops, smartphones and tablets in the workplace...

Comments  (3)


Taming the WWW or Wild Wild West

May 13, 2012 Added by:Jayson Wylie

There is a reason the security world refers to exploitation on the Internet to activity ‘in the wild’. A comparison can be made to the lawless, tough and unforgiving world of the Wild West in American history. You can get your stuffz or scalp taken...

Comments  (0)


Ninety Percent of HTTPS Websites Insecure

May 08, 2012 Added by:Dan Dieterle

Of the 200,000 HTTPS websites tested, only about 10% are properly secured. Changes need to be made to the secure online transaction system. Several of the issues have already been addressed, sadly it seems that the appropriate measures to secure SSL have just not been taken...

Comments  (5)


Did Iran Recover Encrypted Data from Downed Stealth Drone?

May 02, 2012 Added by:Dan Dieterle

Iranian officials recently released claims that they have finished their reverse engineering of the downed US stealth drone and will begin to make a copy. The Iranians released information they say was encrypted flight and maintenance data from internal databases...

Comments  (0)


NIST Draft: Designing Cryptographic Key Management Systems

April 23, 2012

This Framework for Designing Cryptographic Key Management Systems (CKMS) contains topics that should be considered by a CKMS designer when developing a CKMS design specification. NIST requests comments on the publication...

Comments  (0)


NIST: Proposed Changes for Digital Signature Standard

April 19, 2012

The proposed revisions provide clarification on how to implement the digital signature algorithms approved in the standard: the Digital Signature Algorithm (DSA), the Elliptic Curve Digital Signature Algorithm (ECDSA) and the Rivest-Shamir-Adelman algorithm (RSA)...

Comments  (1)


Who is Your Machine Talking To?

April 13, 2012 Added by:Patrick Oliver Graf

Network connections that communicate with machine-to-machine (M2M) management platforms are especially prone to attacks, in part because the M2M systems primarily communicate via Wi-Fi networks and 2 or 3G connections...

Comments  (0)


Encryption: Myths and Must Knows

April 11, 2012 Added by:Rebecca Herold

Small to medium sized businesses have legal obligations to protect sensitive information, such as personally identifiable information. Here are some of the common long-held myths related to encryption misconceptions...

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »