Blog Posts 1-10 of 23
Entrust withdraws from CA/B Forum
Entrust has a long history with the CA/Browser Forum. We are one of its founding members, and have worked closely with it since its founding. Sadly, we have had to leave the Forum along with nearly 40% of its membership including other companies such as IdenTrust, Network Solutions, RIM, RSA and T-Systems. Even worse, this [Read More...]
US Court Decision is Good News for Banking Customers
Blogmaster Note: This was originally posted on July 17, 2012 to ComputerWorld UK’s Security Spotlight Blog. US ruling has implications for UK over bank’s liability Thefts from a construction company in Sanford, Maine might be the catalyst for much-needed improvements to banking security. The US First Circuit Court of Appeals reversed a decision that said [Read More...]
Alan Turing Notes on Cryptography Released
Are there any insights left to be wrung from the code breaker’s papers?
Chris Vallance of the BBC reports that GCHQ has released some of Alan Turing’s papers on the theory of code breaking. They’re not on display at the National Archives at Kew. I’ve checked the web pages of the Archives and GCHQ, and there is as of my writing nothing up there, yet.
The two papers are titled “The Applications of Probability to Crypt” and “Paper on the Statistics of Repetitions.” They discuss the application of mathematics to cryptanalysis. This might seem a bit obvious now, but at the time cryptanalysis was largely done by smart people and not by machines. A code-breaker was more likely someone who was good at solving complex crossword puzzles than working with numbers. It was unusual to bring in someone like Turing to a cryptology lab.
There Weren’t Really Chinese Backdoors in Military Chips
Blogmaster Note: This was originally posted on July 12, 2012 to ComputerWorld UK’s Security Spotlight Blog. What happened and unsolicited advice In March, Cambridge researcher Sergei Skorobogatov and Quo Vadis Labs researcher Christopher Woods put up a draft paper on a cool new technique they used to ‘disable all the security’ on a security-enabled chip. It sat [Read More...]
If You Don’t Like Your CA’s Practices, Find One More Sympatico
The following Mozilla bug came my way via the Cryptography mailing list. The gist of it is that a Norton (né VeriSign) customer asked for a certificate with two-year validity, and got one with six-year validity. I don’t precisely understand why the customer is complaining to Mozilla, but they didn’t get satisfaction with Norton, who [Read More...]
Disappointment Over Speeding up SSL
A year and a half ago, Google started an experiment to speed up SSL by 30% by using an improvement called False Start. Our own Bruce Morton wrote about it not once but twice, and most of the world has been hopeful about the experiment. What’s not to like about a 30% speed improvement? Sadly, [Read More...]
APWG Counter eCrime Operations Summit
The APWG started as the Anti-Phishing Working Group in 2003. In the past nine years, it has grown and expanded to be an association of technical organizations, financial organizations, treaty organizations, and others to fight eCrime and identity theft. It provides coordination and assistance for just about anyone who needs it. I have worked with [Read More...]
Security Hardening iPhones and iPads
Blogmaster Note: This was originally posted on April 12, 2012 to ComputerWorld UK’s Security Spotlight Blog. BYOD, or “Bring Your Own Device” is one of the IT trends that I’m sure you know about, if not by that name. Driven by the users themselves, who go out and get cool new kit — iOS, Android, their [Read More...]
Sophos Breach Tied to Partner Portal
Security Week reports in, “Sophos Kills Partner Portal After Suffering Breach” that the security firm Sophos has disabled its partner portal after discovering a breach. They aren’t saying much yet — kudos to them for their disclosure and response — but they think that the breach came from an older part of their portal, and [Read More...]
Google Rethinks Revocation
Google has decided in Chrome that they’re going to take a different approach to certificate revocation. Chrome developer Adam Langley describes the decision in detail in his blog, Imperial Violet. Unlike a number of CAs, we think this is a pretty good idea, even if incompletely executed so far. Revocation is a difficult task. It [Read More...]