Aktuality

2017 Global Encryption Trends Study

Security News - 25 sek zpět
This twelfth installment of the Global Encryption Trends Study, conducted by the Ponemon Institute and sponsored by Thales e-Security, reveals both deployment plans and pains associated with increasingly aggressive cloud and data protection strategies.

KEY FINDINGS

Strategy and Adoption of Encryption
Trends in Encryption Adoption
Threats, Main Drivers and Priorities
Deployment Choices
Encryption Features Considered Most Important
Attitudes About Key Management
Importance of Hardware Security Modules (HSMs)
Budget Allocations
Cloud Encryption
Kategorie: Aktuality

IoT Needs Embedded Cryptography

Security News - 25 sek zpět
Security is a top concern for the Internet of Things, as essential as low power consumption, affordability, and wireless connectivity.

Because IoT devices are optimized for low power consumption and affordability, many have less than optimal computing resources. The good news is there are several options for using cryptography to make it more difficult for hackers to highjack your living room webcam, video doorbell or car.
Kategorie: Aktuality

Team of Polish and Czech scientists creates prototype quantum money

Security News - 25 sek zpět
One of the most famous more recent quotes about the nature of money is by the fictional Baltimore drug dealer D´Angelo Barksdale in the US series The Wire: “Money be green…” he says, “money feel like money!”, reacting to a scam where a buyer has passed poorly counterfeited bills. Money feels like money… except when it doesn´t. Money of the future will no longer be bills and will not be the digital money of today, either. Scientists at Palacký University in Olomouc have demonstrated that in all likelihood it will be quantum, ultra-secure and impossible to clone.
Kategorie: Aktuality

Let´s Encrypt has issued 15,000 SSL certificates to PayPal phishing sites

Security News - 25 sek zpět
Security experts call on firm to refuse certificates for domains containing popular brand names.

MORE THAN 15,000 SSL certificates have been issued to PayPal phishing sites, according to research from The SSL Store.
Kategorie: Aktuality

Bypassing encryption: “Lawful hacking” is the next frontier of law enforcement technology

Security News - 25 sek zpět
Intelligence agencies are going to find new ways to get access to information stored online.
The discussion about how law enforcement or government intelligence agencies might rapidly decode information someone else wants to keep secret is – or should be – shifting. One commonly proposed approach, introducing what is called a “backdoor” to the encryption algorithm itself, is now widely recognized as too risky to be worth pursuing any further.
The scholarly and research community, the technology industry and Congress appear to be in agreement that weakening the encryption that in part enables information security – even if done in the name of public safety or national security – is a bad idea. Backdoors could be catastrophic, jeopardizing the security of billions of devices and critical communications.
What comes next? Surely police and spy agencies will still want, or even need, information stored by criminals in encrypted forms. Without a backdoor, how might they get access to data that may help them solve – or even prevent – a crime?

Kategorie: Aktuality

Security Innovation Makes NTRUEncrypt Patent-Free

Security News - 25 sek zpět
Security Innovation’s embedded security division, OnBoard Security, a leader in automotive, embedded, and IoT cyber security, announced it is placing all of its NTRUEncrypt patents in the public domain, so that they may be freely used without license or any other restriction. In addition, the company announced that it is encouraging offers to purchase the patent portfolio for its popular quantum-resistant signing algorithm, pqNTRUsign.
Kategorie: Aktuality

Europe to push new laws to access encrypted apps data

Security News - 25 sek zpět
The European Commission will in June push for access to data stored in the cloud by encrypted apps, according to EU Justice Commissioner Věra Jourová.

Speaking publicly, and claiming that she has been pushed by politicians across Europe, Jourová said that she will outline "three or four options" that range from voluntary agreements by business to strict legislation.

The EC´s goal is to provide the police with a "swift and reliable" way to discover what users of encrypted apps have been communicating with others.
Kategorie: Aktuality

WSU mathematician breaks down how to defend against quantum computing attacks

Security News - 25 sek zpět
The encryption codes that safeguard internet data today won´t be secure forever.
Future quantum computers may have the processing power and algorithms to crack them.
Nathan Hamlin, instructor and director of the WSU Math Learning Center, is helping to prepare for this eventuality.
He is the author of a new paper in the Open Journal of Discrete Mathematics that explains how a code he wrote for a doctoral thesis, the Generalized Knapsack Code, could thwart hackers armed with next generation quantum computers.
Kategorie: Aktuality

Time´s up for SHA-1 hash algo, but one in five websites still use it

Security News - 25 sek zpět
Google, Microsoft and Mozilla say they won´t trust anyone who hasn´t migrated.
One in five websites (21 per cent) are still using certificates signed with the vulnerable SHA-1 hash algorithm, according to a new survey.
Reliance on the obsolete hashing technology leaves companies at greater risk of security breaches and compliance problems, certificate management firm Venafi warns.
Venafi´s latest study shows there has been improvement since November 2016, when a third (35 per cent) of websites were still using SHA-1.
Kategorie: Aktuality

Post-Quantum Crypto: Don´t Do Anything

Security News - 25 sek zpět
No Need to Panic, Cryptographers Say; Just Wait for NIST Guidance

There´s good news for anyone worried about the rise of quantum computers and the risk that they could be used to crack modern, public-key crypto systems, thus imperiling the security of much of today´s data, both in transit and at rest. Leading cryptographers advise: Don´t panic, and above all, don´t do anything about it right now.
Kategorie: Aktuality

RSA Conference 2017: From Cryptography to Mysteries of the Universe

Security News - 25 sek zpět
This year´s RSA Conference, which was held Feb. 13-17 in San Francisco, saw more than 43,000 attendees show up to listen to speakers and to learn from vendors about the latest security trends, products and services. Among the annual traditions at the RSA Conference is the Cryptographers Panel, which includes Ron Rivest (the "R" in RSA) and Adi Shamir (the "S" in RSA). The cryptographers are not particularly enthusiastic about the modern state of security, with Shamir claiming that the internet as we know it is broken. Also at the conference, former U.S. National Security Agency (NSA) chief Gen. Keith Alexander talked about how the cloud can help enable a common defense for organizations of all sizes. Meanwhile at a VIP event at the RSA Conference, Michael Dell, CEO of Dell Technologies, spoke about new innovations from RSA as well his company´s broader approach to securing IT assets and information. And at a number of sessions at the conference, Google detailed its approaches to both Android and Gmail security. In this slide show, eWEEK takes a look at some of the highlights of the 2017 RSA Conference.
Kategorie: Aktuality

SHA-1 Has Fallen

Security News - 25 sek zpět
Practical Attack Demonstrated Against Deprecated Cryptographic Hash

„We have broken SHA-1 in practice,“ wrote a group of researchers from the Centrum Wiskunde & Informatica research center in Amsterdam and Google on Feb. 23. A research paper from CWI´s Marc Stevens and Pierre Karpman and Google´s Ange Albertini, Elie Bursztein and Yarik Markov says the group´s so-called „SHAttered attack“ can be used to compromise anything that relies on SHA-1.

Viz komentář:
Kategorie: Aktuality

Google Rolls Out New Cloud Encryption Key Management Service

Security News - 25 sek zpět
The new Google Cloud Platform service will allow enterprises to create, use and rotate encryption keys to protect their data, company says.
Kategorie: Aktuality

PIV-I and Mutlifactor Authentication: The Best Defense for Federal Government Contractors

Security News - 25 sek zpět
In response to an unprecedented level of espionage and cyber attacks aimed at compromising critical government IT infrastructure-from networks to applications-the federal government last year announced new standards. Regulations have been enacted in 2016 to apply these standards to federal contractors and their subcontractors.
Kategorie: Aktuality

GoDaddy revokes 9,000 SSL certificates wrongly validated by code bug

Security News - 25 sek zpět
GoDaddy: Due to a software bug, the recently issued certificate for your domain was issued without proper domain validation, and in accordance with industry standards as a Certificate Authority, we will need to revoke your certificate as a precautionary measure. The certificate will be revoked today (January 10) by 9pm Pacific Time. The software bug that created the issue has been remedied. We continue to closely monitor our system.
Kategorie: Aktuality

What do you call a firm that leaves customer financials unencrypted on a hard drive? RSA

Security News - 13 Duben, 2017 - 15:00
No really. Insurer´s details on 60k people lost forever. A UK insurance business has been fined £150,000 for its lax security practices after a hard drive containing customers´ unencrypted information was stolen. The hard drive disappeared from the offices of Royal & Sun Alliance insurance (ironically it prefers the abbreviation RSA) back in 2015.
Kategorie: Aktuality

Kaspersky torpediert SSL-Zertifikatsprüfung

Security News - 8 Duben, 2017 - 08:30
Der Schreck der Antiviren-Hersteller hat wieder zugeschlagen: Google-Forscher Tavis Ormandy hat diesmal Schwächen im Umgang mit SSL-Zertifikaten bei Kaspersky aufgedeckt. Und das nicht zum ersten Mal.
Kategorie: Aktuality

A prize for “real-world cryptography” was given to programmers behind AES and the Signal app

Security News - 8 Duben, 2017 - 08:30
The first 2017 Levchin Prize recipient was the creator of said encryption, Joan Daemen. Along with his collaborators, Vincent Rijmen and the Keccak team, they are responsible for the development of the AES block cipher and the SHA3 hash function. Daemen was immediately followed by Moxie Marlinspike and Trevor Perrin, who were awarded the 2017 Levchin Prize for their development of the Signal protocol used to encrypt messages in communication systems.
Kategorie: Aktuality
Syndikovat obsah