SSL Review: March 2014
Here is a monthly SSL review of discussions about SSL (and possibly other digital certificates) from the last month. Entrust Identity ON discussed the following: Always-ON SSL Moving to TLS 1.2 Bogus SSL Certificates OCSP Stapling Apple SSL Bug CA Security Council discussed the following: Always-On SSL, Part II Ten Steps to Take If Your [Read More...]
Apple SSL Bug: Test Your Vulnerability, Fix Available Soon
On Friday, Feb. 21, Apple issued a security bulletin for iOS 7.0.6. There was not much detail in the bulletin, but it did state that the impact was “An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.” The problem is the result of a coding error where [Read More...]
iPhone 5s Gains Biometric Authentication via ‘Touch ID’ Home Button
Biometric security is once again moving to the forefront of mobile technology. During Apple’s unveiling of the new iPhone 5s today, one of the newest features is the introduction of a fingerprint reader to add consumer-level biometric authentication. It is the first major U.S.-based mobile manufacturer to incorporate a fingerprint scanner since Motorola released the [Read More...]
Android SSL Problems
There have been a lot of articles written recently about Android SSL problems for applications, which were recently reported by German university researchers.
Layered Security USING your Mobile Device
A natural extension to my last post, I find it interesting that most people intuitively see the need to secure mobile devices, applications and transactions, but they are likely unaware of the incredible power and convenience mobile devices present in terms of serving as a security device themselves. Increasingly, mobile devices are used for more [Read More...]
Security Hardening iPhones and iPads
Blogmaster Note: This was originally posted on April 12, 2012 to ComputerWorld UK’s Security Spotlight Blog. BYOD, or “Bring Your Own Device” is one of the IT trends that I’m sure you know about, if not by that name. Driven by the users themselves, who go out and get cool new kit — iOS, Android, their [Read More...]
Apple’s UDIDs – Rejected for App Developers?
I recently read two interesting posts on this subject — one from GigaOM and another from Gartner’s Avivah Litan. Both posts talk about Apple’s recent rejections of apps using the UDID (unique identification number) on iPhones/iPads. The lead issue here is likely related to privacy. As the GigaOM posting pointed out, the UDID can be [Read More...]
Easier, Better Identities on the Horizon
Blogmaster Note: This was originally posted on January 17, 2012 to AVISIAN’s NFC News site . One of the most exciting things that will happen in the next year or two is the confluence of a few major trends. It’s exciting because, together, they promise to make security and identity better and more manageable than [Read More...]
Near-Field Communication (NFC): What is it? Why Should You Care?
This entry is part 2 of 5 in the series Consumerization & NFCWhat is NFC? According to Wikipedia, NFC — no, not the NFL’s National Football Conference — “allows for simplified transactions, data exchange, and wireless connections between two devices in close proximity to each other, usually by no more than a few centimeters.” Sounds [Read More...]
Remembering Steve Jobs
Blog Master Note: Please note that Jon Callas refers to Steve Jobs as SJ throughout this post. This is how Steve Jobs was referred to by those inside Apple. I was out to dinner when the news came in last night that SJ died. It was a shock, but not a surprise. I expected him [Read More...]