Entrust at RSA: ‘Pass the Hash’
This entry is part 4 of 12 in the series Entrust at RSA 2014 Jason Soroko, Entrust’s head of malware research, is causing quite the RSA buzz with his latest video presentation: “Pass the Hash.” Outlined in a blog post a few weeks ago, Soroko explains about a lesser-known attack vector that exploits single sign-on [Read More...]
A Few Thoughts After the Gartner Identity and Access Management Summit
Last week, I attended the Gartner Identity and Access Management Summit in Las Vegas with Entrust product manager Dave Mahdi.
How to Digitally Sign Code
Various application platforms support code-signing and provide different tools to perform the signing. Here is a list of the more common code-signing types and references as to where you can find guides for the given application. Adobe AIR Adobe – Digitally signing an AIR file Apple Mac OS X Developer Library – Code Signing and [Read More...]
Microsoft to ban keys less than 1024-bits
For those of you who do not maintain the size of your keys for digital certificates, you’re about to have some problems. Microsoft is not a proponent of small-sized digital keys. Their Windows Root Certificate Program does not allow CAs to issue certificates with keys less than 1024-bits RSA and deprecates keys that are less [Read More...]
Conficker, I Knew We Would Meet Again!
Oh, Conficker. I just knew you’d be back in our lives. Somehow, someway. I recently read an interesting article from SC Magazine, “Thanks to weak passwords, Conficker worm still rampant.” Conficker was a nasty little worm that wreaked havoc for a large number of people; I guess you could argue it still is. It all [Read More...]