Encryption Articles

Showing Articles: 19 of 9

Dec 8 2014

Cooler Heads Will Prevail

When thinking of IT security trends, I don’t think I would be on the wrong track if I would dub the year 2014 as “The Year of Open Source Vulnerability”. In the same vein, past couple of years could be called “The Year of Snowden” and “The Year of Multiple Web Site Breaches which Resulted in Millions of Stolen Credit Card Numbers”, in no particular…

Keep Reading

Nov 11 2014

A Video Is Worth a Million Words

It is a well-known fact that system administrators with root-level privileges have wider access to company’s critical information assets than the C-level executives. With great power comes great responsibility, and most people will also act responsibly. But as an information security officer, would you trust this power and responsibility to someone you cannot identify or whose actions you cannot verify…

Keep Reading

Jul 23 2014

Snowden Calls On Employees To Leak Company Secrets

During the Hackers On Planet Earth (HOPE) conference, Edward Snowden and Daniel Ellsberg called on insiders (employees) to spill corporate and government secrets.  Snowden is calling for the development of encryption and obfuscation tools to make this easier. The goal is to anonymously expose malfeasance without any repercussions. They believe that people should be able to do this without paying any price and without being held accountable. Superficially this all sounds like a good idea, but who gets to decide what should be leaked or stolen and what constitutes improper behavior?  What else could be leaked or…

Keep Reading

May 28 2014

Identity & Access Management: Don’t get Death Starred!

Many things seem impenetrable until a “small vulnerability” is exploited. The phrase “small vulnerability” almost sounds like an oxymoron when you think about it.  Take the fable of one Luke Skywalker and the Death Star.  In the story Luke exploited a small two-meter-wide thermal exhaust port in the Death Star’s design to destroy the ultimate weapon and break the back of the Galactic Empire in their moment of triumph. To make matters worse the Empire was warned about this “small vulnerability”, but the Galactic bureaucrats reasoned that the risk was small and the whistleblowers were overestimating rebels’ chances…

Keep Reading

May 19 2014

Just A Heartbleed Away: The Dirty Little Secret in IT Security is Creating A Major Risk

One of the major lessons learned from the Heartbleed Bug is just how vulnerable critical IT components, like encryption, are. The potential impact of these vulnerabilities can be severe and far-reaching. To make matters worse, a lack of management controls and visibility, especially in ubiquitously deployed software, enables cyber criminals…

Keep Reading

Apr 10 2014

SSH Communications Security Comments on Heartbleed Vulnerability

Key Facts: 

  • SSH Communications Security’s products are not affected by the Heartbleed flaw. Customers are advised to patch any server where the vulnerable OpenSSL software is installed.
  • Due to the pervasive nature of the Heartbleed vulnerability, the length of time the flaw has been in place and the broad access that an attacker could potentially obtain, SSH Communications Security is recommending that all Secure Shell keys used to establish trust relationship with affected systems should be changed immediately after the Heartbleed patch has been installed, and should be a part of your organization’s standard remediation…

Keep Reading

Mar 4 2014

RSA Conference 2014 Wrap Up

This year’s RSA Conference 2014 was filled with energy and great insights as well as controversy. Here are a few of the trends and topics that I saw at this year’s show.

Energy: Encryption and access controls are up there at the top of the list
There was a huge uptick in the overall energy at the show. Our booth was inundated with people asking questions and wanting to learn more about our…

Keep Reading