Entrust Identity On: Latest Posts
We’ve heard the argument that website operators could just use self-sign certificates. They are easy to issue and they are “free.” Before issuing self-signed certificates, it’s a good idea to examine the trust and security model. You should also compare self-signed certificates to the publicly trusted certification authority (CA) model; and then make your own decision.
In December, Entrust and Forrester began work on a Technology Adoption Profile (TAP) whitepaper centering on mobile. As organizations have begun to accept the inevitable — the eventuality of mobile devices permeating networks and infrastructures — they are looking to address mobile security as a whole and not as siloed device types (e.g., corporate- and employee-owned). With this in mind, the report discusses bring-your-own-device (BYOD) and corporate-owned devices together.
BEAST & Lucky Thirteen attacks said, “Prioritize RC4 cipher suite.” AlFBPPS attack said, “RC4 is old and crummy. CBC-mode would be better.”
Mobile, when implemented correctly, has the power to deliver unmatched security and user convenience, while also enabling new business processes that actually lead to delighting customers and engaging them in the fight against fraud.
At the IETF 86 meeting in Orlando last week, there was a working group meeting discussing the operations of the Web PKI. At the previous IETF 85 meeting a birds-of-a-feather was held to discuss the purpose of having such a group.
February 2013 was a busy month for Entrust. We exhibited at Mobile World Congress in Barcelona, Spain, while concurrently exhibiting at the RSA Conference in San Francisco.
The team of Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt published an RC4 encryption attack in SSL/TLS.
As part of its effort to promote SSL certificate best practices, the CA Security Council (CASC) has offered a couple of blogs on the importance of revocation checking
With that said, we’re packing up Booth 1139 and putting her away for next year. How will Entrust identity-based security solutions protect your customers, enterprise or government agencies in the coming years? Check us out again at RSA Conference 2014. Or, better yet, just contact us today.
At Entrust Booth 1139 at RSA this week, Entrust authentication expert Mike Moir outlined cost-effective methods for implementing advanced authentication to ensure CJIS compliance.