October 2012 - Entrust, Inc. 1-6 of 6

Mobile Smart Credentials — Multipurpose Digital Identities for improved Security AND User Convenience

October 24, 2012 by Mike Byrnes
Today, Entrust announced the commercial release of the Entrust IdentityGuard Mobile Smart Credential — a solution that transforms a smartphone into a multipurpose digital identity.

Marc Benioff, Salesforce Identity, Good thing or Bad thing for IAM Security?

October 17, 2012 by David Mahdi
Ok, so how many accounts do you have? You know, for things like Facebook, LinkedIn, corporate IDs, loyalty programs (e.g., airlines, credit cards), banks, etc. How many different combinations of usernames and passwords is that? Do they all have the same rules for password combinations? Probably not. Well, some good news for those suffering in [Read More...]

HTTPS Everywhere 3.0

October 11, 2012 by Bruce Morton
The Electronic Frontier Foundation (EFF) has released HTTPS Everywhere 3.0.

SHA-3

October 9, 2012 by Bruce Morton
On October 2, 2012, the National Institute of Standards and Technology (NIST) announced that the winner of the new SHA-3 hash function competition was Keccak. The plan is SHA-3 will eventually replace SHA-1 and the SHA-2 hash families. To support digital certificates, the hashing function is used by the certification authority (CA) to put its [Read More...]

Adobe Code-Signing Certificate Compromised

October 3, 2012 by Bruce Morton
Adobe announced they received two malicious utilities signed by a valid Adobe code-signing certificate. The code-signing certificate was compromised though an attack on their code-signing system. The code-signing certificate will be revoked on October 4, 2012, and will impact all code being signed after July 12, 2012. A supporting security advisory has been issued. The [Read More...]

Summarization of CRIME Attack on SSL

October 2, 2012 by Bruce Morton
I’ve written a few blogs on CRIME, but now that Juliano Rizzo and Thai Duong have presented CRIME at Ekoparty 2012, I thought a summary is due. CRIME is short for “Compression Ratio Info-Leak Made Easy.” In their presentation, Rizzo and Duong reminded us that HTTPS provides confidentiality, integrity and authenticity; however, CRIME decrypts portions [Read More...]