Entrust Identity On: Latest Posts
With news of the Heartbleed bug, we have been receiving questions as to how this impacts the certification authority (CA) service at Entrust. In summary, Entrust SSL customers do not need to be concerned about the management of their certificates or their certificate management accounts. The CA private keys are protected on a NIST FIPS [Read More...]
A quick look at our world today reveals that the need for mobile security has never been greater. After all, the number of activated mobile devices has actually surpassed the population of our planet. For the people who use them — which is just about everybody — such devices permeate every aspect of life. These [Read More...]
Malware is a problem across the board, but identity protection measures can help fight it.
The discovery of the Heartbleed implementation bug that could attack certain version of OpenSSL has, rightfully, made global headlines. While this vulnerability doesn’t affect the certificates issued by trusted certification authorities (CA), the discovery has set end-users into a bit of “password panic.” The crux of the issue is that services providers, website operators, software [Read More...]
This entry is part 1 of 1 in the series Cybersecurity and Pareto OptimalityIn the study of economics there is a technique called Pareto optimality. Pareto Optimality, or Pareto Efficiency, is a guiding force of economic efficiency. Simply put, it is the principle that there exists a balancing point between opposing interests where neither party [Read More...]
Some businesses have to learn the hard way the price paid for weak authentication.
A new threat called the Heartbleed Bug has just been reported by some researchers at Codenomicon and Google. Heartbleed attacks the heartbeat extension (RFC 6520) implemented in OpenSSL. The official reference to the Heartbleed bug is CVE-2014-0160. Heartbleed allows an attacker to read the memory of a system over the Internet and compromise the private [Read More...]
Are you a CISO, IT manager, administrator or even a non-technology manager tasked with security-related objectives outside of your scope? Entrust is here to help make your job easier. No matter what type of Entrust security solution you and your organization currently trusts — SSL, device certificates, certificate management and discovery, smart credentialing or even [Read More...]
A move to the cloud provided better security for one university.
We have discussed the SHA-1 deprecation policy and why you should move to SHA-2. The certification authorities (CAs) have provided methods to have your certificates issued and signed using a SHA-2 hashing algorithm. As we move ahead, you will see the CAs changing the default signing algorithm from SHA-1 to SHA-2. It’d be sound strategy [Read More...]