Updated SSL/TLS Deployment Best Practices
First, I would like to thank Ivan Ristic for his development of the SSL/TLS Deployment Best Practices document. This is a simple overview of what a Web server administrator should consider in an SSL deployment. I am also looking forward to Ristic’s book, “Bulletproof SSL/TLS and PKI,” which hopefully will be released sometime soon. Version [Read More...]
SSL News from Black Hat and DEF CON 2013
Every year we review some of the presentations at Black Hat and DEF CON that discuss SSL, TLS and HTTPS. Here is the list from 2013. The Factoring Dead: Preparing for the Cryptopocalypse Download: Slides by Alex Stamos, Tom Ritter, Thomas Ptacek and Javed Samuel This presentation looked into the recent leaps in solving discrete [Read More...]
Twitter Latest Victim of Weak Password Breach
Today, it’s Twitter who fell victim to a breach from weak passwords.
Sophos Breach Tied to Partner Portal
Security Week reports in “Sophos Kills Partner Portal After Suffering Breach” that the security firm Sophos has disabled its partner portal after discovering a breach. They aren’t saying much yet — kudos to them for their disclosure and response — but they think that the breach came from an older part of their portal, and [Read More...]
Potential Breach Affecting VISA, MasterCard — EMV Won’t be Here Soon Enough
Brian Krebs scooped a major story yesterday about a potential major credit card breach at a U.S.-based payment processor affecting both VISA and MasterCard. The news made headlines across top media outlets for good reason: this is NOT the first major credit card breach. 2011 saw a rash of breaches including Epsilon and Sony, not [Read More...]
Does RSA understand what happened to them?
Blogmaster Note: This was originally posted on January 18, 2012 to ComputerWorld UK’s Security Spotlight Blog. This was not just an attack on RSA, it was an attack on all of us. In Tim Greene’s article, “RSA security breach has silver lining, says CEO,” he quotes Art Coviello as saying “…we were able to [Read More...]
RSA got you down, Maybe it’s time to Trade Up!
As we all have seen in the media, as well as heard from our customers, cyberthreats are an escalating problem for enterprises, financial institutions, governments and even individuals. These threats are as basic or as sophisticated as necessary to perpetrate the desired outcome of those doing the attacks.
The Time is Now
Today, Entrust announced a hard token replacement program for organizations switching to Entrust IdentityGuard.
When things are moving just a bit too quickly. . . the whirlwind of data breaches!
I’ve just coined a new term – at least I think I can take credit for it – and remember, you heard it here first: “Breach Speed”. I derived it from the dramatic speed at which data breaches are occurring. Borrowing from the Urban Dictionary, I’d see it something like this: Breach Speed: A [Read More...]
Pay for a secure Internet ID? Perhaps the time has come.
“Wow – 77 million PlayStation accounts hacked – that’s huge! Dad, did you see this internet fraud story?” My 13-year-old is not a big gamer nor does he care that much about internet fraud (though he is a good sounding board when I am working through issues), but when he saw the [Read More...]