• Dual-EC DRBG Concerns Hit Media Again

    NIST’s withdrawn special publication 800-90A is back in the news. This time, it’s due to an allegation carried by Reuters that RSA Data Security was paid by the NSA to make the dual-EC (elliptic curve) variant the default deterministic random-bit generator algorithm, or DRBG, in its commercial toolkit product. RSA has denied the allegation. Random-bit generation is a critical foundation of

        in General
    0
  • Target Credit Card Breach: Customers Fall Victim to Unknown Security Threat

    As many as 40 million credit and debit card account holders may have been recently exposed to a massive breach involving 1,797 Target stores nationwide, as well as 124 Canadian-based locations. According to Krebs On Security, the initial data breach was thought to have occurred between Black Friday and Dec. 6. However, recent evidence has emerged indicating that the breach

        in General
    0
  • Protect Your Private Keys: Three Easy Steps for Safe Code-Signing

    A recent article by the Microsoft malware protection center, “Be a real security pro – Keep your private keys private,” reminded me of some best practices. There are far too many cases of illegitimate code being signed by a stolen private key for legitimately signed code-signing certificates. In these cases, the owners of the private keys have not secured the

        in Code Signing, Public Key Infrastructure
    0
Page 1 of 31123...5101520...»»