Entrust Identity On: Latest Posts

Why We Need to Move to SHA-2

January 6, 2014 by Bruce Morton 1 Comment

Previously, we advised that the SSL industry must move to the SHA-2 hashing algorithm for certificate signatures. We thought it would be helpful to provide the reasoning behind the position. In the context of SSL, the purpose of a hashing algorithm is to reduce a message (e.g., a certificate) to a reasonable size for use [Read More...]

Dual-EC DRBG Concerns Hit Media Again

December 23, 2013 by Tim Moses 1 Comment

NIST’s withdrawn special publication 800-90A is back in the news. This time, it’s due to an allegation carried by Reuters that RSA Data Security was paid by the NSA to make the dual-EC (elliptic curve) variant the default deterministic random-bit generator algorithm, or DRBG, in its commercial toolkit product. RSA has denied the allegation. Random-bit generation [Read More...]

Filed Under: General Tagged: NIST, RSA

Target Credit Card Breach: Customers Fall Victim to Unknown Security Threat

December 19, 2013 by Entrust, Inc. 1 Comment

As many as 40 million credit and debit card account holders may have been recently exposed to a massive breach involving 1,797 Target stores nationwide, as well as 124 Canadian-based locations. According to Krebs On Security, the initial data breach was thought to have occurred between Black Friday and Dec. 6. However, recent evidence has [Read More...]

Filed Under: General Tagged: Target

Protect Your Private Keys: Three Easy Steps for Safe Code-Signing

December 19, 2013 by Bruce Morton Leave a Comment

A recent article by the Microsoft malware protection center, “Be a real security pro – Keep your private keys private,” reminded me of some best practices. There are far too many cases of illegitimate code being signed by a stolen private key for legitimately signed code-signing certificates. In these cases, the owners of the private [Read More...]

Can You Spot a Phishing Email?

December 18, 2013 by Entrust, Inc. Leave a Comment

This holiday season, buyers everywhere will flock to the Internet to rack up savings on deals and avoid the hassles of shopping in malls and department stores. Unfortunately, shopping online without using caution can lead to great headaches due to the prevalence of criminal activity. One of the most devastating identity theft techniques comes in [Read More...]

Filed Under: Malware, Mobility, Secure Browsing Tagged: phishing

Top 10 Holiday Scams to Steer Clear of this Season – Part 2

December 16, 2013 by Entrust, Inc. Leave a Comment

This is Part 2 of a two-part series. To read the first post, click here. Top 10 Holiday Scams to Steer Clear of this Season 6. Order shipment notification When doing your holiday shopping, always make sure that the email notification confirming your order shipment is directly tied to the official company of which you [Read More...]

Top 10 Holiday Scams to Steer Clear of this Season – Part 1

December 12, 2013 by Entrust, Inc. 1 Comment

Top 10 Holiday Scams to Steer Clear of this Season You have spent all night looking for the perfect gift online for your spouse, children or significant other. After hours of searching, you finally come across the ultimate package certain to grant you a lifetime pass to the Nice List — two tickets to the [Read More...]

Filed Under: Mobility Tagged: holiday, mobile security

Java Secures Supply Chains through Code Signing

December 11, 2013 by Bruce Morton Leave a Comment

This post was originally published by Bruce Morton & Erik Costlow on the CA Security Council blog. We have recently discussed the benefits of code signing in two posts: Securing Software Distribution with Digital Signatures and Improving Code Signing. These posts covered the role of code signatures as a “digital shrinkwrap” designed to answer a simple question: [Read More...]

Filed Under: Code Signing Tagged: Java, Oracle

SHA-1 Deprecation, on to SHA-2

December 9, 2013 by Bruce Morton 1 Comment

We have previously reviewed implementation of SHA-2, but with Bruce Schneier stating the need to migrate away from SHA-1 and the SHA-1 deprecation policy from Microsoft, the industry must start to make some progress in 2014. Web server administrators will have to make plans to move from SSL and code signing certificates signed with the [Read More...]

Filed Under: SSL, SSL Deployment Tagged: Code Signing, Microsoft, SHA-1

Did Google Miss the Mark With Push To Make Passwords Obsolete?

December 2, 2013 by Chris Taylor Leave a Comment

On Saturday, Forbes discussed Google’s 2014 vision to make user-generated passwords obsolete. It’s an initiative that deserves praise and is long overdue. Someone is finally taking strong authentication and identity-based security seriously — particularly in the consumer space. It does, however, come with some caveats. Google is demonstrating that identity-based security solutions are available for [Read More...]