Encryption
FIPS 140-2: Just Buzzword Bingo?
June 15, 2011 Added by:Jonathan Lampe
If your IT department intersects with the finance, health care, government or energy sectors, or is subject to regulations such as PCI-DSS, then you should be using FIPS 140-2 validated cryptography now to protect data-in-transit and data-at-rest...
Comments (2)
X.509 Certificates vs. Webs Of Trust (e.g., PGP, SSH)
June 07, 2011 Added by:Jonathan Lampe
My belief is that WOT is fading, not just because PGP Corp was acquired, but also because PGP Corp itself was making or had made several technology decisions to integrate X.509 into PGP encryption and signing processes and even to act as an X.509 certificate authority...
Comments (2)
Could the IT Staff Hold Your Company Hostage?
May 24, 2011 Added by:Headlines
Report: "A significant number of IT staff could cause chaos for their organizations with their knowledge of and access to digital certificates and encryption keys due to lack of management controls and no separation of duties..."
Comments (0)
SSD’s and the Importance of Encryption
May 12, 2011 Added by:Emmett Jorgensen
With data privacy issues becoming increasingly important, regulations have tightened on information security. Regulators often impose sanctions for data breaches as outlined in state laws. New regulations bring added importance to the need to securely erase data from an SSD...
Comments (0)
Osama Bin Laden's Computer Files and Data Encryption
May 06, 2011 Added by:Headlines
"Correctly implemented encryption is very difficult to break. If data is encrypted correctly using good, best practices, I'm not aware of the ability to break that encryption. If correctly implemented and done by someone who understands how to do it, it's a huge, huge challenge..."
Comments (0)
Eleven Questions to Ask When Buying a Secure Flash Drive
May 03, 2011 Added by:Emmett Jorgensen
USB flash drives are far too beneficial to be banned outright and avoided. Used with the correct combination of security features, they are a major asset to most organizations, providing a portable platform for storage and applications needed in today's corporate IT environments...
Comments (0)
ZRTP Voice Encryption is Finally a Standard RFC
April 13, 2011 Added by:Fabio Pietrosanti
A new wave is coming to the voice encryption world, erupting to fill a gray area where most of the companies doing phone encryption have been implementing custom systems. Now a standard has been set up and there are few reasons left to continue implementing anything different...
Comments (0)
Drive Encryption Useless Against Some Online Attacks
January 11, 2011 Added by:Dan Dieterle
Drive encryption is recommended, and it works very well, but just how well will it protect you from online attacks? Truth be told, in some situations it may not help you at all. I wanted to see how well drive encryption would protect a Windows XP SP3 machine from a common online Java based attack...
Comments (5)
Cryptography Engineering: Principles and Applications
December 21, 2010 Added by:Ben Rothke
Cryptography Engineering is a much-needed update. While not as detailed as the former work, and with significantly fewer code examples, the new text is still a valuable resource for anyone who wants to come up to speed on the essentials of modern cryptography...
Comments (0)
WikiLeaks Lessons: Stronger Encryption and Secured Systems
December 12, 2010 Added by:Gurudatt Shenoy
What alarms me is not what has been leaked by WikiLeaks, but what could be out there that is even more dangerous, a potential for disaster waiting to happen, or something important that could fall in the hands of sinister people...
Comments (1)
WebMail and HTTPS - How Difficult Can It Be?
November 22, 2010 Added by:Rafal Los
Given the extreme hyper-focus on session theft through packet capture and replay - ahem, FireSheep - in sites like Twitter and FaceBook, it's interesting to see how difficult it is, or if it's even possible, to enable HTTPS throughout a popular, high-traffic site that we use every day...
Comments (1)
Laptop and Cell Phone Data Searched at Airport
November 22, 2010 Added by:Anthony M. Freed
Your computer and cellphone data can be searched by customs officials. If it is really the case that authorities can act as if our Constitutional rights end at the airport terminal, we have much bigger problems than naked body scans and groping screeners touching our junk...
Comments (8)
Encrypting Data at Rest
November 17, 2010 Added by:Alexander Rothacker
This prevents privileged OS users on the database host from reading sensitive data as well as keeping data and backup files safe. Encryption is required to comply with certain government and industry regulations such as PCI, HIPAA, etc...
Comments (0)
Vulnerable Out of the Box - The Problem With Plug-Ins
November 16, 2010 Added by:Rafal Los
What if on the first boot you had to be connected to the Internet, and your computer would then connect to a trusted site over a secure channel - SSL authorization & encryption bi-directionally - then pull down all the software you'd need from a single vendor-supplied distribution point?
Comments (3)
From the Web
HTTP Strict Transport Security
October 06, 2010 from: Mozilla Security Blog
A while ago, we talked about Force-TLS that lets sites say “hey, only access me over HTTPS in the future” and the browser listens. Well, this idea has been solidified into a draft spec for HTTP Strict Transport Security (HSTS) and we’ve landed support for it into our source tree. This means that HSTS will be shipped with Firefox 4, and will be deployed as soon as the next beta release.
Comments (0)
Few BitLocker-Equipped PCs Encrypt Data
September 26, 2010 Added by:Bill Gerneglia
Reasons users weren’t using the encryption tool included lack of education about encryption benefits, lack of a policy requiring encryption, fear of decreased system performance, and compatibility issues with disk encryption software and network devices such as SSL VPN...
Comments (0)