Key Management Articles


Oct 1 2014

Heartbleed and Shellshock – Different Vulnerabilities, Same Lesson

Just last month we hosted a webinar called “Heartbleed – You Stopped the Bleeding but Did You Fix the Problem?” Heartbleed allows an attacker to retrieve the contents of memory from vulnerable servers. As a result, any private credentials that might have been resident in memory can no longer be considered private. That is why many enterprises and public-facing web services advised their users to change their…


Aug 18 2014

Black Blob of Death Threatens Data Center Security

Researchers at SSH Communications Security recently uncovered a serious security vulnerability that impacts data centers in the vast majority of banks and financial institutions. Okay, so admittedly, it almost sounds like a story from The Onion or some made-up news by a bored blogger. But this really isn’t a satirical post about the over-hyping of security issues or fake news. The Black Blob of Death is…


Jul 6 2014

The Mainframe and IDM

Identity management projects always result in lower costs and streamlined security administration.

Where have you heard that one before?

Since the mid-1990s there has been a talent drain in the mainframe security administration field. Concerned IT management, looking for ways of filling the void, basically figured that automating user provisioning and credentials could fill it. To meet the customers' needs, large software companies developed centralized identity and access management tools. In terms of the mainframe, it meant putting a common Windows GUI in front of ACF-2, Top Secret and RACF for inexperienced administrators to drag and drop IDs and…


Jul 3 2014

Backdoor SSH Root Key Snafus Much More Common Than You Think

It appears as though a hard-wired Secure Shell private key has created a bit of a kerfuffle for folks running Cisco's VoIP manager. This one made it into the headlines, but because the affected system was identified and limited in scope to a single product line, remediation steps can be quickly undertaken and the impact minimized. Now imagine if an entire data center had unknown or misplaced private keys floating about. Well, it is more common than you think, and the risks are far greater because it’s not just a single product that has the issue; every server in your environment has the…


May 19 2014

Just A Heartbleed Away: The Dirty Little Secret in IT Security is Creating A Major Risk

One of the major lessons learned from the Heartbleed Bug is just how vulnerable critical IT components, like encryption, are. The potential impact of these vulnerabilities can be severe and far-reaching. To make matters worse, a lack of management controls and visibility, especially in ubiquitously deployed software, enables cyber criminals…


May 8 2014

Invisible at Infosecurity Europe 2014? Definitely Not

The major tube strike in London during the first two days of Infosecurity Europe 2014 didn’t seem to have had an impact on the visitor count. Held from April 30 to May 1 at Earl’s Court, Infosecurity Europe is the biggest IT security-related exhibition in Europe, and supposedly brought close to 15,000 visitors there this year. And of course, we participated with a stand and speaking sessions, not to miss out on the opportunity to meet up with customers and…


Apr 10 2014

SSH Communications Security Comments on Heartbleed Vulnerability

Key Facts: 

  • SSH Communications Security’s products are not affected by the Heartbleed flaw. Customers are advised to patch any server where the vulnerable OpenSSL software is installed.
  • Due to the pervasive nature of the Heartbleed vulnerability, the length of time the flaw has been in place and the broad access that an attacker could potentially obtain, SSH Communications Security is recommending that all Secure Shell keys used to establish trust relationships with affected systems should be changed immediately after the Heartbleed patch has been installed, and should be a part of your organization’s standard remediation…


Mar 17 2014

Key Based Trust from a Process-Driven Goalkeeper's Perspective

Like for any goalkeeper, the worst thing - other than a torn ACL - is getting scored on. During my playing days, I was obsessed with the concept of how to organize my defense in a way to minimize goals against as well as minimize opportunities of my opponents. My teammates used to joke and wonder how I played at the level I did. I was not particularly fast or strong, did not have particularly great hands and was not super athletic in any way. But I was quite good at programming my defense and midfield to run a repeatable process to make it very difficult for opponents to penetrate. Unlike soccer, where you are most likely going to get scored on at some point, businesses must keep a zero goals against average for their entire…


Feb 11 2014

APT The Mask (aka Careto) Targets Secure Shell Keys

Kaspersky Labs recently revealed the details of a sophisticated APT named “The Mask” or by its Spanish name “Careto”. The Mask is known to have infected at least 380 unique victims in over 31 countries. In operation since 2007, the primary targets of this APT are government institutions, diplomatic offices, energy companies, research institutions, private equity firms and political activist organizations. The sophistication and targets of the APT suggest it is the work of nation-state actors as opposed to criminal…
