Entrust Identity On: Latest Posts

It’s a Tough Road For Businesses That Don’t Protect Their Identities

April 16, 2014 by Entrust, Inc. Leave a Comment

From the Target breach last year to the crop of new data attacks that have arisen in 2014, there are no shortage of threats to enterprise security on the web.

Jason Soroko

Reactive Cybersecurity Strategy Is Not A Strategy

April 16, 2014 by Jason Soroko Leave a Comment

It’s encouraging that many organizations have become aware of security of their networks and computer resources. This awareness is sometimes triggered by breach or fraud headlines in tech journalism, which leads to concern and curiosity. It is immediately apparent when I’m speaking with a company that has suffered from an attack because their questions are [Read More...]

Entrust OpenSSL Disclosure

April 14, 2014 by Entrust, Inc. Leave a Comment

With news of the Heartbleed bug, we have been receiving questions as to how this impacts the certification authority (CA) service at Entrust. In summary, Entrust SSL customers do not need to be concerned about the management of their certificates or their certificate management accounts. The CA private keys are protected on a NIST FIPS [Read More...]

Filed Under: SSL, SSL Deployment Tagged: OpenSSL, SSL

How Device Certificates Secure our Mobile Identities

April 14, 2014 by Entrust, Inc. Leave a Comment

A quick look at our world today reveals that the need for mobile security has never been greater. After all, the number of activated mobile devices has actually surpassed the population of our planet. For the people who use them — which is just about everybody — such devices permeate every aspect of life. These [Read More...]

IT Departments, Governments Fear Security Issues

April 11, 2014 by Entrust, Inc. Leave a Comment

Malware is a problem across the board, but identity protection measures can help fight it. 

Heartbleed & OpenSSL — Do End-Users Need to Change Their Passwords?

April 10, 2014 by Entrust, Inc. Leave a Comment

The discovery of the Heartbleed implementation bug that could attack certain version of OpenSSL has, rightfully, made global headlines. While this vulnerability doesn’t affect the certificates issued by trusted certification authorities (CA), the discovery has set end-users into a bit of “password panic.” The crux of the issue is that services providers, website operators, software [Read More...]

Filed Under: SSL, SSL Deployment Tagged: heartbleed, OpenSSL, SSL

Cybersecurity and Pareto Optimality? (Part 1)

April 10, 2014 by Matthew Lewis Leave a Comment
This entry is part 1 of 1 in the series Cybersecurity and Pareto Optimality

This entry is part 1 of 1 in the series Cybersecurity and Pareto OptimalityIn the study of economics there is a technique called Pareto optimality. Pareto Optimality, or Pareto Efficiency, is a guiding force of economic efficiency. Simply put, it is the principle that there exists a balancing point between opposing interests where neither party [Read More...]

Filed Under: General Tagged: Pareto Optimality

Weakly Guarded Businesses Can Expect Decline in Revenue (Part 2)

April 9, 2014 by Entrust, Inc. Leave a Comment

Some businesses have to learn the hard way the price paid for weak authentication.

Filed Under: Authentication Tagged: EV

New in 2014 — Certificate Management for All Users, Organizations

April 8, 2014 by Entrust, Inc. Leave a Comment

As we evolve from the Entrust Certificate Management Service (CMS) to Entrust IdentityGuard Cloud Services SSL, it’s important to understand changes that could affect some customers. Any new or current customers who purchase four or fewer Entrust certificates online now have access to all the capabilities and features of Entrust IdentityGuard Cloud Services SSL. With [Read More...]

OpenSSL Heartbleed Bug

April 8, 2014 by Bruce Morton 9 Comments

A new threat called the Heartbleed Bug has just been reported by some researchers at Codenomicon and Google. Heartbleed attacks the heartbeat extension (RFC 6520) implemented in OpenSSL. The official reference to the Heartbleed bug is CVE-2014-0160. Heartbleed allows an attacker to read the memory of a system over the Internet and compromise the private [Read More...]

Filed Under: SSL, SSL Deployment Tagged: Apache, heartbleed, NGINX