Dual-EC DRBG Concerns Hit Media Again
NIST’s withdrawn special publication 800-90A is back in the news. This time, it’s due to an allegation carried by Reuters that RSA Data Security was paid by the NSA to make the dual-EC (elliptic curve) variant the default deterministic random-bit generator algorithm, or DRBG, in its commercial toolkit product. RSA has denied the allegation. Random-bit generation [Read More...]
SSL News from Black Hat and DEF CON 2013
Every year we review some of the presentations at Black Hat and DEF CON that discuss SSL, TLS and HTTPS. Here is the list from 2013. “The Factoring Dead: Preparing for the Cryptopocalypse,” by Alex Stamos, Tom Ritter, Thomas Ptacek and Javed Samuel. This presentation looked into the recent leaps in solving discrete [Read More...]
Entrust withdraws from CA/B Forum
Entrust has a long history with the CA/Browser Forum. We are one of its founding members, and have worked closely with it since its founding. Sadly, we have had to leave the Forum along with nearly 40% of its membership including other companies such as IdenTrust, Network Solutions, RIM, RSA and T-Systems. Even worse, this [Read More...]
RSA Key Generation Flaw Does Not Affect Entrust Certificates
The New York Times published an article by John Markoff a couple days ago, “Flaw Found in an Online Encryption Method.” Sadly, the article is behind the Times paywall. Irritatingly, it’s a very good article except for the headline, which is wrong. The flaw isn’t found in the encryption, but in some key generation. A [Read More...]
Leveraging Consumerization Concepts to Combat Security Threats
Let me be clear right up front. Yes, cybersecurity threats are real. Yes, they are growing in volume and in sophistication. And, yes, they are the root of the problem. BUT, one of the underlying frustrations I have with the cyber-threat situation is that, in general, many organizations remain anything but creative and strategic when [Read More...]
Does RSA understand what happened to them?
Blogmaster Note: This was originally posted on January 18, 2012 to ComputerWorld UK’s Security Spotlight Blog. This was not just an attack on RSA, it was an attack on all of us. In Tim Greene’s article, “RSA security breach has silver lining, says CEO,” he quotes Art Coviello as saying “…we were able to [Read More...]
No such thing as a free lunch… particularly when dealing with a security breach.
As most of you are well aware, as a remedy to try and help its customers, RSA is offering “free” tokens to replace their compromised devices. Well, they’re really not free tokens; what RSA is willing to do is provide a new token with a limited-time license based on the remaining life span of a customer’s compromised [Read More...]
Letter to Compliance Week Editor Regarding Data Breach at Security Firm Could Make Others Vulnerable Article
Blogmaster Note: This is a letter to the editor of Compliance Week in reference to its article titled “Data Breach at Security Firm Could Make Others Vulnerable” written for the site by Karen Kroll on June 21. To the Editor: Earlier this month, I was interviewed by your reporter, Karen Kroll for the June 21 [Read More...]
RSA got you down, Maybe it’s time to Trade Up!
As we all have seen in the media, as well as heard from our customers, cyberthreats are an escalating problem for enterprises, financial institutions, governments and even individuals. These threats are as basic or as sophisticated as necessary to perpetrate the desired outcome of those doing the attacks.
The Time is Now
Today, Entrust announced a hard token replacement program for organizations switching to Entrust IdentityGuard