Entrust Identity On: Latest Posts

Jason Soroko

Playing in the Digital Sandbox: Balancing System Trust

January 22, 2014 by Jason Soroko Leave a Comment

On a daily basis, most people using desktop operating systems consume resources and ‘rich content’ from unknown sources on the Internet, typically via technologies ‘under the hood’ of our Web browsers.  These include Java, browser plugins like Adobe Flash, PDF readers, HTML5 and others. All are meant to create a rich and seamless user experience. [Read More...]

Filed Under: Identity Assurance, Malware Tagged:

Mobile Malware — Will it Expand in 2014?

January 20, 2014 by Entrust, Inc. Leave a Comment

This comes as no surprise, but the bring-your-own-device (BYOD) movement has reached critical mass.  More and more enterprises are leveraging mobile to share information, complete transaction or increase business efficiency. In fact, 67 percent of organizations use personal devices at work, and 42 percent of companies surveyed now allow BYOD at the enterprise level.  Unfortunately, [Read More...]

Filed Under: General, Malware, Mobility Tagged: EW, malware, mobile

Digital Certificates: How they Secure Consumer-Level Devices, Identities

January 16, 2014 by Entrust, Inc. Leave a Comment

The modern home is connected to the online world today more than ever. Now, everything from toaster ovens to toilets are IP-enabled. The phenomenon is called the Internet of Things, and we are currently starting to see the beginning of a massive worldwide adoption of it.  What can Digital Certificates Protect? • Gaming consoles • [Read More...]

Filed Under: Digital Certificates Tagged: EW
Jason Soroko

Credit Card Number Theft: POS Malware and the Path of Least Resistance

January 15, 2014 by Jason Soroko Leave a Comment

It was December 2011 when we first read about payment card number theft that occurred at Subway sandwich shops. Now, we’re sorting through the theft of 40 million payment cards from Target. That number was revised to 70 million names and identifying information such as phone numbers.   Researchers, most notably Brian Krebs, have done a [Read More...]

Digital Certificates: Strengthening Security in the Enterprise

January 13, 2014 by Entrust, Inc. Leave a Comment

Upon first glance, a utility meter might seem like the furthest thing from a security threat than you could imagine. After all, what harm could come from a device that measures the amount of electricity or gas your building consumes? The reality is, however, that in today’s ultra-connected world, this type of naive thinking could [Read More...]

What is Malware-as-a-Service?

January 7, 2014 by Entrust, Inc. Leave a Comment

There’s a strong misconception — amongst business leaders and consumers alike — that unleashing a cyberattack is a difficult and expensive process that only experts are capable of executing. In reality, this could not be further from the truth. Currently, the integrity of the Internet is being compromised by a vast criminal underground market commonly [Read More...]

Filed Under: Malware Tagged:

Why We Need to Move to SHA-2

January 6, 2014 by Bruce Morton 1 Comment

Previously, we advised that the SSL industry must move to the SHA-2 hashing algorithm for certificate signatures. We thought it would be helpful to provide the reasoning behind the position. In the context of SSL, the purpose of a hashing algorithm is to reduce a message (e.g., a certificate) to a reasonable size for use [Read More...]

Tim Moses

Dual-EC DRBG Concerns Hit Media Again

December 23, 2013 by Tim Moses 1 Comment

NIST’s withdrawn special publication 800-90A is back in the news. This time, it’s due to an allegation carried by Reuters that RSA Data Security was paid by the NSA to make the dual-EC (elliptic curve) variant the default deterministic random-bit generator algorithm, or DRBG, in its commercial toolkit product. RSA has denied the allegation. Random-bit generation [Read More...]

Filed Under: General Tagged: NIST, RSA

Target Credit Card Breach: Customers Fall Victim to Unknown Security Threat

December 19, 2013 by Entrust, Inc. Leave a Comment

As many as 40 million credit and debit card account holders may have been recently exposed to a massive breach involving 1,797 Target stores nationwide, as well as 124 Canadian-based locations. According to Krebs On Security, the initial data breach was thought to have occurred between Black Friday and Dec. 6. However, recent evidence has [Read More...]

Filed Under: General Tagged: Target

Protect Your Private Keys: Three Easy Steps for Safe Code-Signing

December 19, 2013 by Bruce Morton Leave a Comment

A recent article by the Microsoft malware protection center, “Be a real security pro – Keep your private keys private,” reminded me of some best practices. There are far too many cases of illegitimate code being signed by a stolen private key for legitimately signed code-signing certificates. In these cases, the owners of the private [Read More...]