September 29, 2011 Added by: Kanguru Solutions
Flash drives have revolutionized the business world with their convenience and portability. However, for infosec professionals, flash drives are a dual-edged sword. If lost or stolen, a single unencrypted flash drive has the potential to cause a costly data breach...
September 28, 2011 Added by: Headlines
"If the user closes all existing HTTP tabs and untrusted HTTPS tabs, then browses to the trusted HTTPS site... and logs out of that HTTPS session before browsing any other HTTP sites or untrusted HTTPS sites, the user will NOT be at risk for this attack..."
September 20, 2011 Added by: Headlines
Security provider Barracuda Networks has warned of a spamming campaign targeting Royal Bank of Canada customers. The spam messages falsely notify users that their SSL certificate has expired, and that in order to continue using online banking services they are required to update the certificate...
September 16, 2011 Added by: Headlines
"An unauthorized third party (hacker) has been active on the CA server that is used for issuing qualified certificates... The integrity of the data on the [DigiNotar] server that is used for production and issuance of qualified certificates is therefore impossible to guarantee..."
September 16, 2011 Added by: Emmett Jorgensen
There are variables at work that often require security measures above and beyond encryption. The confidentiality of the data you are working with, state, federal and industry regulations, user habits, platforms and more all factor into the security measures needed to safeguard your data...
September 12, 2011 Added by: Kanguru Solutions
Every organization has different needs. What works for one may not work for another. Size, budget, personnel, and structure all play a factor in determining what an organization will do in terms of IT security. There generally is no “one size fits all” solution when it comes to Infosec...
September 06, 2011 Added by: Craig S Wright
So, when all is said and done, we have not really changed much as a species. We love to believe that we as a generation are forging something new and facing problems that no other has faced before, but in reality, the analogy remains as it is always likely to remain. Change is the only constant...
August 31, 2011 Added by: Danny Lieberman
So where does SSL fit in? Well, we know that the vulnerabilities for a PHI data breach can not only happen inside any layer but in particular there are vulnerabilities in the system interfaces between layers. That means between server layers and client-server interfaces...
August 23, 2011 Added by: Headlines
The National Institute of Standards and Technology (NIST) is hosting a workshop on Cryptography for Emerging Technologies and Applications that is intended to identify the cryptographic requirements for emerging technologies and applications...
August 10, 2011 Added by: PCI Guru
If you discuss E2EE with any merchant, most see it as this panacea, something that will get them out of the PCI compliance game altogether. However, nothing could be further from the truth. If anything, E2EE may make PCI compliance even more daunting than it is today...
August 10, 2011 Added by: David Martinez
I used this script from the BT5 How-To page, which grabs packets, redirects them through sslstrip, prints the info to my machine, and sends it to the end-user with a spoofed source. Within 30 minutes, I had at least 5 different passwords for FB, Twitter, G-mail, and others...
August 09, 2011
While encryption was once used almost exclusively to protect information using SSL certificates and symmetric and asymmetric keys to scramble data, now it is also used in authentication mechanisms to confirm the identity of a user or a device, and for digital signing to protect data...
August 08, 2011 Added by: Headlines
"Your online reading habits and activities are vulnerable to eavesdropping, and your accounts are vulnerable to hijacking... Electronic Frontier Foundation created HTTPS Everywhere to make it easier for people to keep their user names, passwords, and browsing histories secure and private..."
August 04, 2011 Added by: Dan Dieterle
In the attack, power use is monitored during the power up sequence of the chip. As it is powered up, the chip accesses a key used to decrypt the configuration data file and data stream. By analyzing the power used, the team was able to decrypt the key...
June 27, 2011 Added by: Emmett Jorgensen
The risk in using an RNG that is not truly random stems from the ability of an attacker analyzing the encrypted data and potentially discovering patterns to the encryption. This could allow some type of reverse engineering of the encrypted data or keys...
June 20, 2011 Added by: Sasha Nunke
The SSL (TLS) protocol is the security backbone of the Internet, but surprisingly little is known about how it is deployed. This session will present the results of the first publicly available survey aimed at assessing the state of SSL. It will also provide documentation and free tools...