September 2012 - Entrust, Inc.

Entrust President and CEO Bill Conner Shares his Thoughts on Sen. Rockefeller’s Letter to the Fortune 500

September 20, 2012 by Bill Conner
Sen. Jay Rockefeller, D-W.Va., who serves as Chairman of the U.S. Committee on Commerce, Science & Transportation, has asked the key questions yet again: Are companies using best practices to protect themselves and their customers’ security? Are companies maintaining their cybersecurity efforts and vigilance on a regular basis, and updating their systems to reflect emerging threats? [Read More...]

Nitol Malware — Leveraging Dynamic DNS for Nefarious Gains

September 19, 2012 by Jason Soroko
A malicious botnet called ‘Nitol’ was interrupted by Microsoft on Sept. 13. ‘Nitol’ was using a Dynamic DNS to enable the infected bot computers to communicate with the hacker’s command and control server. For background, it is possible to serve a website from a home computer, but the difficulty is that your home Internet service [Read More...]

Testing Your SSL Server for CRIME

September 17, 2012 by Bruce Morton
We still have to wait for later this week when Juliano Rizzo and Thai Duong will present their CRIME SSL/TLS attack at Ekoparty Security Conference. Regardless, we now know that the attack is based on the implementation of TLS compression or SPDY (pronounced “speedy”). CRIME uses the vulnerability that there is information leakage when data [Read More...]

Stopping CRIME Attacks

September 13, 2012 by Bruce Morton
This article by Dan Goodin appears to cover the most facts about the CRIME attack on SSL/TLS. It answers my first question about what the acronym means; CRIME is short for “Compression Ratio Info-Leak Made Easy.” It also confirms the attack is performed when the communication uses TLS compression. My understanding is that TLS compression [Read More...]

Speculation on CRIME

September 12, 2012 by Bruce Morton
The SSL industry is waiting for the Ekoparty Security Conference next week to find out more details on the CRIME SSL/TLS attack. Speculation by SSL/TLS experts? The attack is based on TLS compression. Thomas Pornin made this post on IT Security of his guesses on how compression could be used in an attack. This also [Read More...]

CRIME Attack on SSL/TLS

September 10, 2012 by Bruce Morton
The security researchers who brought us BEAST now have a new SSL/TLS attack: CRIME. I would like to know what the acronym CRIME stands for, but we’ll probably have to wait until Juliano Rizzo and Thai Duong present their work at Ekoparty Security Conference later this month. Little information about the attack has been published. [Read More...]

Certificate Key Lengths: Bigger is Better

September 7, 2012 by Scott Shetler
As previously discussed, Microsoft issued a security advisory announcing they will block keys that are less than 1024 bits long. This feature will appear in an update for supported versions of Microsoft Windows (not affecting Windows 8 or Windows Server 2012; the functionality is already there) and, of course, you have to upgrade to this [Read More...]

The Token Debate: Why the RSA and ISACA Perspectives Are Wrong

September 5, 2012 by Mike Byrnes
While I would never claim to be a maven in the world of cyber security, I find it quite disturbing that a long-standing security vendor such as RSA would proclaim, “Since its (one-time-password token) inception, the world’s most respected security researchers have worked, unsuccessfully, to ‘break’ this technology.” Well, I can’t comment on the world’s [Read More...]

Firefox’s Lock Icon is Back

September 4, 2012 by Bruce Morton
I’m a little late with this blog item. Maybe it was because it was a great summer or maybe it’s because I don’t use Firefox or maybe it’s because … Firefox 14.0 released in June 2012 and the SSL lock symbol is back. I wrote a blog last year where the beta of Firefox 4.0 [Read More...]