Tag Archives: RSA

Dual-EC DRBG Concerns Hit Media Again

December 23, 2013 by Tim Moses     1 Comment

NIST’s withdrawn special publication 800-90A is back in the news. This time, it’s due to an allegation carried by Reuters that RSA Data Security was paid by the NSA to make the dual-EC (elliptic curve) variant the default deterministic random-bit generator algorithm, or DRBG, in its commercial toolkit product. RSA has denied the allegation. Random-bit generation [Read More...]

Filed Under: General Tagged With: NIST, RSA

SSL News from Black Hat and DEF CON 2013

September 17, 2013 by Bruce Morton     No Comments

Every year we review some of the presentations at Black Hat and DEF CON that discuss SSL, TLS and HTTPS. Here is the list from 2013. The Factoring Dead: Preparing for the Cryptopocalypse Download: Slides by Alex Stamos, Tom Ritter, Thomas Ptacek and Javed Samuel This presentation looked into the recent leaps in solving discrete [Read More...]

Filed Under: SSL, SSL Deployment Tagged With: Breach, C.R.E.A.M., DEF CON

Entrust withdraws from CA/B Forum

August 9, 2012 by Jon Callas     No Comments

Entrust has a long history with the CA/Browser Forum. We are one of its founding members, and have worked closely with it since its founding. Sadly, we have had to leave the Forum along with nearly 40% of its membership including other companies such as IdenTrust, Network Solutions, RIM, RSA and T-Systems. Even worse, this [Read More...]

RSA Key Generation Flaw Does Not Affect Entrust Certificates

February 16, 2012 by Jon Callas     1 Comment

The New York Times published an article by John Markoff a couple days ago, “Flaw Found in an Online Encryption Method.” Sadly, the article is behind the Times paywall. Irritatingly, it’s a very good article except for the headline, which is wrong. The flaw isn’t found in the encryption, but in some key generation. A [Read More...]

Filed Under: EV SSL, SSL, SSL Deployment Tagged With: Ben Laurie, crypto, cryptography

Leveraging Consumerization Concepts to Combat Security Threats

February 15, 2012 by Mike Byrnes     No Comments

Let me be clear right up front. Yes, cybersecurity threats are real. Yes, they are growing in volume and in sophistication. And, yes,  they are the root of the problem. BUT, one of the underlying frustrations I have with the cyber-threat situation is that, in general, many organizations remain anything but creative and strategic when [Read More...]

Does RSA understand what happened to them?

January 20, 2012 by Jon Callas     No Comments

Blogmaster Note: This was originally posted on January 18,  2012 to ComputerWorld UK’s Security Spotlight Blog . This was not just an attack on RSA, it was an attack on all of us. In Tim Greene’s article, “RSA security breach has silver lining, says CEO,” he quotes Art Coviello as saying “…we were able to [Read More...]

Filed Under: General, Identity Assurance Tagged With: RSA, RSA breach, SecurID

No such thing as a free lunch… particularly when dealing with a security breach.

July 25, 2011 by Mike Byrnes     No Comments

As most of you are well aware, as a remedy to try and help its customers, RSA is offering “free” tokens to replace their compromised devices.  Well, they’re really not free tokens; what RSA is willing to do is provide a new token with a limited-time license based on the remaining life span of a customer’s compromised [Read More...]

Filed Under: Identity Assurance Tagged With: bank fraud, RSA

Letter to Compliance Week Editor Regarding Data Breach at Security Firm Could Make Others Vulnerable Article

July 15, 2011 by Bill Conner     No Comments

Blogmaster Note: This is a letter to the editor of Compliance Week in reference to its article titled “Data Breach at Security Firm Could Make Others Vulnerable” written for the site by Karen Kroll on June 21. To the Editor: Earlier this month, I was interviewed by your reporter, Karen Kroll for the June 21 [Read More...]

RSA got you down, Maybe it’s time to Trade Up!

July 14, 2011 by Dave Rockvam     No Comments

As we all have seen in the media, as well as heard from our customers, cyberthreats are an escalating problem for enterprises, financial institutions, governments and even individuals. These threats are as basic or as sophisticated as necessary to perpetrate the desired outcome of those doing the attacks.

The Time is Now

July 13, 2011 by Dave Rockvam     No Comments

Today, Entrust announced a hard token replacement program for organizations switching to Entrust IdentityGuard

Filed Under: Identity Assurance, Mobility Tagged With: Breach, IdentityGuard, mobile