Encryption
Securing Flash Drives within the Enterprise
September 29, 2011 Added by: Kanguru Solutions
Flash drives have revolutionized the business world with their convenience and portability. However, for infosec professionals, flash drives are a dual-edged sword. If lost or stolen, a single unencrypted flash drive has the potential to cause a costly data breach...
Comments (1)
Microsoft Workaround for the SSL/TLS Vulnerability
September 28, 2011 Added by: Headlines
"If the user closes all existing HTTP tabs and untrusted HTTPS tabs, then browses to the trusted HTTPS site... and logs out of that HTTPS session before browsing any other HTTP sites or untrusted HTTPS sites, the user will NOT be at risk for this attack..."
Comments (0)
Scammers Exploiting Bogus DigiNotar SSL Certificates
September 20, 2011 Added by: Headlines
Security provider Barracuda Networks has warned of a spamming campaign targeting Royal Bank of Canada customers. The spam messages falsely notify users that their SSL certificate has expired, and that in order to continue using online banking services they are required to update the certificate...
Comments (0)
DigiNotar Banned from Issuing New Digital Certificates
September 16, 2011 Added by: Headlines
"An unauthorized third party (hacker) has been active on the CA server that is used for issuing qualified certificates... The integrity of the data on the [DigiNotar] server that is used for production and issuance of qualified certificates is therefore impossible to guarantee..."
Comments (0)
Why Encryption Alone Isn’t Enough
September 16, 2011 Added by: Emmett Jorgensen
There are variables at work that often require security measures above and beyond encryption. The confidentiality of the data you are working with, state, federal and industry regulations, user habits, platforms and more all factor into the security measures needed to safeguard your data...
Comments (0)
Customize Your Flash Drive – Infosec Style
September 12, 2011 Added by: Kanguru Solutions
Every organization has different needs. What works for one may not work for another. Size, budget, personnel, and structure all play a factor in determining what an organization will do in terms of IT security. There generally is no “one size fits all” solution when it comes to Infosec...
Comments (0)
Security: What Was Old is New Again
September 06, 2011 Added by: Craig S Wright
So, when all is said and done, we have not really changed much as a species. We love to believe that we as a generation are forging something new and facing problems that no other has faced before, but in reality, the analogy remains as it is always likely to remain. Change is the only constant...
Comments (0)
Securing Web Servers with SSL
August 31, 2011 Added by: Danny Lieberman
So where does SSL fit in? Well, we know that the vulnerabilities for a PHI data breach can not only happen inside any layer but in particular there are vulnerabilities in the system interfaces between layers. That means between server layers and client-server interfaces...
Comments (0)
Cryptography for Emerging Technologies and Applications
August 23, 2011 Added by: Headlines
The National Institute of Standards and Technology (NIST) is hosting a workshop on Cryptography for Emerging Technologies and Applications that is intended to identify the cryptographic requirements for emerging technologies and applications...
Comments (0)
End-to-End Encryption – The Rest Of The Story
August 10, 2011 Added by: PCI Guru
If you discuss E2EE with any merchant, most see it as this panacea, something that will get them out of the PCI compliance game altogether. However, nothing could be further from the truth. If anything, E2EE may make PCI compliance even more daunting than it is today...
Comments (0)
Quiet Please - H4xing in Progress
August 10, 2011 Added by: David Martinez
I used this script from the BT5 How-To page, which grabs packets, redirects them through sslstrip, prints the info to my machine, and sends it to the end-user with a spoofed source. Within 30 minutes, I had at least 5 different passwords for FB, Twitter, G-mail, and others...
Comments (0)
Black Hat USA 2011: Jeff Hudson - CEO - Venafi
August 09, 2011
While encryption was once used almost exclusively to protect information using SSL certificates and symmetric and asymmetric keys to scramble data, now it is also used in authentication mechanisms to confirm the identity of a user or a device, and for digital signing to protect data...
Comments (0)
Encrypting the Web with HTTPS Everywhere
August 08, 2011 Added by: Headlines
"Your online reading habits and activities are vulnerable to eavesdropping, and your accounts are vulnerable to hijacking... Electronic Frontier Foundation created HTTPS Everywhere to make it easier for people to keep their user names, passwords, and browsing histories secure and private..."
Comments (0)
Researchers Break Military Chip Encryption Keys
August 04, 2011 Added by: Dan Dieterle
In the attack, power use is monitored during the power up sequence of the chip. As it is powered up, the chip accesses a key used to decrypt the configuration data file and data stream. By analyzing the power used, the team was able to decrypt the key...
Comments (0)
Where is the Focus on Randomness in Cryptography?
June 27, 2011 Added by: Emmett Jorgensen
The risk in using an RNG that is not truly random stems from the ability of an attacker analyzing the encrypted data and potentially discovering patterns to the encryption. This could allow some type of reverse engineering of the encrypted data or keys...
Comments (2)
Webcast: The State of SSL on the Internet
June 20, 2011 Added by: Sasha Nunke
The SSL (TLS) protocol is the security backbone of the Internet, but surprisingly little is known about how it is deployed. This session will present the results of the first publicly available survey aimed at assessing the state of SSL. It will also provide documentation and free tools...
Comments (0)