Several Universities Face Cybersecurity Siege
A series of data breaches at large universities has called attention to the need for strong data encryption measures across enterprises.
Bogus SSL Certificates
Netcraft has published an article stating they have found many bogus SSL certificates. In this case, a bogus certificate is self-signed (i.e., not issued from a legitimate certification authority) and replicates an SSL certificate of a large, popular website. This type of bogus SSL certificate could be used for a man-in-the-middle (MITM) attack. In this [Read More...]
Digital Certificates: How they Secure Consumer-Level Devices, Identities
The modern home is connected to the online world today more than ever. Now, everything from toaster ovens to toilets are IP-enabled. The phenomenon is called the Internet of Things, and we are currently starting to see the beginning of a massive worldwide adoption of it. What can Digital Certificates Protect? • Gaming consoles • [Read More...]
Digital Certificates: Strengthening Security in the Enterprise
Upon first glance, a utility meter might seem like the furthest thing from a security threat than you could imagine. After all, what harm could come from a device that measures the amount of electricity or gas your building consumes? The reality is, however, that in today’s ultra-connected world, this type of naive thinking could [Read More...]
The Edward Snowden Story Calls For Understanding of Encryption, Strong Identity
This entry is part 2 of 2 in the series The Snowden Papers: Lessons to be LearnedEntrust’s Approach and View of Cryptography There has been tremendous press coverage over the last week or two about cryptographic systems and threats to their security. I want to take some time to share how Entrust, as a global [Read More...]
NSA Leaks Uncover Legitimate Surveillance Concerns, But Cryptographic Systems are Not One of Them
This entry is part 1 of 2 in the series The Snowden Papers: Lessons to be LearnedIntelligence Services Disclosures and the Impact on Information Security The Washington Post and other media outlets have provided extensive coverage of allegations made by Edward Snowden concerning some of the NSA’s surveillance programs. The allegations include: The NSA has [Read More...]
Digital Certificates on Your Phone?
It’s not a Peyton Manning TV spot, but it’s certainly more important to the security of your identities. In Entrust’s recent infographic, “Mobile Security: Perception vs. Reality,” a third-party study found that 38 percent of enterprises have or plan to implement mobile device certificates in 2013. But there is also the myth that certificate-based identities [Read More...]
Why Do I Need UC Multi-Domain SSL Certificates?
This certificate is sometimes called unified communications certificate (UCC), multi-domain certificate or multi-SAN certificate. In this posting, we will call them UCC or UC certificate. The unique feature of the UC certificate is that it takes full advantage of the subject alternative name (SAN) field. In doing so, the issuer allows the certificate subscriber to [Read More...]
Which Mobile Device Do I Trust?
Whether it’s through the constant use of passwords, answering security questions online or verifying an address over the phone, most people understand the importance of authenticating identities. But this theory also is critical to verify the identities of mobile devices connecting and interacting with a secure network. Today, organizations require a methodical and proven solution [Read More...]
Alan Turing Notes on Cryptography Released
Are there any insights left to be wrung from the code breaker’s papers?
Chris Vallance of the BBC reports that GCHQ has released some of Alan Turing’s papers on the theory of code breaking. They’re not on display at the National Archives at Kew. I’ve checked the web pages of the Archives and GCHQ, and there is as of my writing nothing up there, yet.
The two papers are titled, The Applications of Probability to Crypt” and Paper on the Statistics of Repetitions. They discuss the use of mathematics to cryptanalysis. This might seem a bit obvious now, but at the time cryptanalysis was largely done by smart people and not by machines. A code-breaker was more likely someone who was good at solving complex crossword puzzles than working with numbers. It was unusual to bring in someone like Turing to a cryptology lab.