April 03, 2012 Added by:Kevin Doel
The idea is to choose phrase that you will be able to remember and a simple algorithm for converting it to a strong password. Even the best encryption systems are not going to protect your data if you use weak passwords and a hacker gains physical access to your mobile device...
March 25, 2012 Added by:Ben Rothke
PKI was and still is a powerful set of technologies. But it was a solution far ahead of its time. It was doomed by a lack of standards, interoperability issues, deployment complexities, and a level of complication that confounded even technologically competent end-users...
March 12, 2012 Added by:Electronic Frontier Foundation
The issue in the decryption cases is not whether the decrypted contents of the computer are testimonial. Instead, the issue in these cases is whether the ACT of decrypting information on the computer is testimonial. The answer to that question is that it depends...
March 06, 2012 Added by:Kelly Colgan
Portable and mobile storage devices are significant players in most corporate offices. Ensuring proper protection with a best practices policy and strict enforcement offers significant risk reduction—and can prevent long nights on data breach investigations...
March 05, 2012 Added by:Headlines
Online Trust Alliance (OTA) is calling on the security, business and interactive advertising communities to adopt Always On SSL (AOSSL), the approach of using SSL/TLS across your entire website to protect users with persistent security, from arrival to login to logout...
February 23, 2012 Added by:PCI Guru
Requirement 3.6.4 always seems to be a sticking point because people get caught up in the key expiration concept. The thing to remember is that whether or not a key expires is typically related to the encryption algorithm such as for those using public key infrastructure...
February 16, 2012 Added by:Danny Lieberman
Encryption, buzzword, not a silver bullet for protecting data on your servers. In order to determine how encryption fits into server data protection, consider four encryption components on the server side: passwords, tables, partitions and inter-tier socket communications...
February 15, 2012 Added by:Electronic Frontier Foundation
The consequences of these vulnerabilities are extremely serious. In all cases, a weak key would allow an eavesdropper on the network to learn confidential information, such as passwords or the content of messages, exchanged with a vulnerable server...
February 14, 2012 Added by:Pierluigi Paganini
Trustwave declared that the issuing of subordinate root certificates to private companies was done to allow inspection of the SSL encrypted traffic that passes through their networks. Trustwave decided to stop issuing these in the future, and revoked the existing ones...
February 14, 2012 Added by:Headlines
Among other security benefits, the HTTPS feature will prevent users from having their login credentials stolen by attackers who may attempt to harvest passwords when users access their accounts over unencrypted Wi-Fi networks...
February 12, 2012 Added by:PCI Guru
The problem with the manual option is that encryption keys are typically needed to boot the secure server or start an application that needs access to encrypted data. The security surrounding the keys becomes problematic as operations personnel need regular access...
February 08, 2012 Added by:PCI Guru
Never store the obscured value along with the truncated value. Always separate the two values and also implement security on the obscured value so that people cannot readily get the obscured value and the truncated value together without oversight and management approval...
February 06, 2012 Added by:Rafal Los
Even if you did know where all your critical information is, you'd probably be powerless to control its sprawl. Let's face it, systems consume data and then become mobile - which is hardly something you can do anything about in a world where mobility is a key business driver...
February 06, 2012 Added by:Robert Siciliano
Pretty Good Privacy (PGP) “is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions..."
February 01, 2012 Added by:Electronic Frontier Foundation
A federal district court has handed down an unfortunate early ruling in a case. Prosecutors asked the court to force the defendant to either type an encryption passphrase into the laptop to decrypt the information or turn over a decrypted version of the data...
January 30, 2012 Added by:Infosec Island Admin
Systemic weaknesses and a general lack of oversight governing the process used to issue digital certificates, key to the standards used to validate legitimate websites, prompted some security experts to wonder if the system may be hopelessly ineffective...
Seven “Sins” of Cyber Security... John Terry on 03-05-2015
Update 3: Hackers May Leak Norton Antivirus ... Jhun Astillero on 03-05-2015
Steps Toward Weaponizing the Android Platfor... arisha nani on 03-05-2015