Items Tagged with "Encryption"


Smart Grid Security: Getting Better, But Needs Improvement

August 09, 2012 Added by:Brent Huston

There is still room for improvement in the smart grid space: Encryption versus encoding, modern development security, JTAG protection, input validation and the usual application security shortcomings that the web and other platforms are struggling with. Default passwords, crypto keys and configurations still abound...

Comments  (0)


ICS-CERT: Kessler-Ellis Products Exploit POC

August 02, 2012 Added by:Infosec Island Admin

ICS-CERT has notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks...

Comments  (0)


Five Security Tips for Android Phones and Tablets

July 31, 2012 Added by:Nicholas Cifranic

Android app stores such as Google Play have little or no security implementation, so anyone with a developer account may publish applications. Although Google has been attempting to enforce more controls to detect malicious apps, hackers are still publishing malware disguised as popular applications...

Comments  (0)


Between You and Me, This is Not Private...

July 22, 2012 Added by:Fergal Glynn

If most websites can’t get password storage right, you can bet they can’t get storage of the content you are trusting them with right either. The private documents that you stored with your favorite cloud service are probably not encrypted in a way that only your account can decrypt, if they’re encrypted at all...

Comments  (0)


Security is Your Responsibility When Using Free Wi-Fi

July 17, 2012 Added by:Dale Rapp

Free wireless hot spots deliver a high-speed internet connection, but this convenient no hassle access to the internet comes with a lack of security. This doesn't mean you should avoid accessing a free wireless hot spot, it just means you need to be aware of how to protect your device when you do...

Comments  (0)


Ten Things I’ve Learned About Cloud Security

July 17, 2012 Added by:Bill Mathews

Cloud security is tough for a lot of reasons, not least of which is because you probably only understand the basics of what you interface with - the controls the provider allows you to see. This lack of depth of management introduces many security related challenges. Having said that, let’s explore...

Comments  (0)


Data: The Final Frontier of the Collapsing Perimeter

July 16, 2012 Added by:Rafal Los

If we as IT professionals and architects acknowledge that the perimeter is now around the data, what solutions do we have for protecting it? How can we protect data which is mobile, usable, and in a constant state of danger? The answer seems to be some form of protection that involves our old friend, encryption...

Comments  (0)


China Has Backdoor Access to Eighty-Percent of Communications

July 16, 2012 Added by:Headlines

Former Pentagon analyst F. Michael Maloof warns that the Chinese government has backdoor access to as much as eighty-percent of the worlds telecom traffic, giving the regime access to sensitive communications made possible by equipment from two Chinese based telecom giants - Huawei Technologies and ZTE...

Comments  (0)


Yahoo Voices Accounts Exposed and Available to the General Public

July 13, 2012 Added by:Marc Quibell

If Yahoo took "security very seriously" this probably may not have happened. This is obviously a fail in their IT Security practices, on many accounts, beginning with the SQL Injection attack used to compromise the server - yes, it only took one server to compromise for this to occur...

Comments  (0)


Insecure Cryptographic Storage Explained

July 12, 2012 Added by:Fergal Glynn

The impact of Insecure Cryptographic Storage flaws when exploited is usually quite high due to the fact that the information that is usually encrypted are important things like personally identifiable information, trade secrets, healthcare records, personal information and credit card numbers...

Comments  (0)


Yahoo!'s No Encryption Trumps LinkedIn's Unsalted Hash

July 12, 2012 Added by:Headlines

Just a month after LinkedIn experienced a significant security breach and caught flack for not "salting their hash", the revelation that the Yahoo! credentials were not even stored in an encrypted format should have everyone concerned about how seriously companies are taking the security of their users...

Comments  (0)


NIST Guidelines for Securing Mobile Devices in the Enterprise

July 11, 2012

The purpose of this publication is to help organizations centrally manage and secure mobile devices against a variety of threats. This publication provides recommendations for selecting, implementing, and using centralized management technologies, and it explains the security concerns inherent in mobile device use...

Comments  (0)


Cyberoam DPI Vulnerability Alarms Tor Project

July 10, 2012 Added by:Pierluigi Paganini

Tor Project found a vulnerability in Cyberoam DPI where all share the same digital certificate and the private key is the same for every device. The implications are serious, as it could be possible to catch traffic from any user by extracting the key and importing it into other DPI devices for interception...

Comments  (0)


Does Two-Factor Authentication Need Fixing?

July 03, 2012 Added by:Nick Owen

Assuming that the anti-malware companies cannot keep malware off PCs, what can be done? Well, actually stronger authentication can be applied at certain points in the online banking process to reduce exposure. When people think of two-factor authentication, they typically mean session authentication...

Comments  (1)


Is Your WPA2 Protected Wireless Network Really Secure

July 01, 2012 Added by:Dale Rapp

A weak WPA2 passphrase could be hacked allowing an unauthorized person to use the wireless network. Even worse this unauthorized person could decrypt the communications revealing emails you send, web sites you visit, and passwords you use for access to websites...

Comments  (0)


Small Tech Firms Pursue Level 1 Service Provider PCI Compliance

July 01, 2012 Added by:Stacey Holleran

Small technology companies are finding themselves in a unique business situation as prospective clients increasingly request software applications and hosting solutions that can accommodate secure mobile payment transactions, bringing these technology companies to the forefront as “merchant service providers”...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »