How to protect your business from state-sponsored attacks
It has taken some time but we finally have succumbed to the delights of a certain kitchen utensil. Years of resisting George, John, and the seductive talents of Penelope, had left me more determined...
Understanding the Methodology and Staggering Costs in the Annual Cost of...
Every Global 2000 enterprise faces a total exposure of almost U.S. $400 million over 24 months due to new and evolving attacks on failed cryptographic key and digital certificate management. And...
Attack on SSHD!
In recent news SSHD (SSH daemon) backdoors have been all the buzz, though SSHD rootkits are nothing new. What’s interesting with the new SSHD rootkit is the level of sophistication where the ssh,...
Consensus at RSA Conference 2013: “PKI is Under Attack”
At last week’s RSA Conference 2013 in San Francisco, a clear consensus emerged: attacks on the trust established by cryptographic keys and certificates are on the rise and important element in today’s...
Microsoft Azure Outage Reveals Need to Automate Certificate Lifecycle Management
Microsoft is a trusted partner for some of the world’s largest enterprises – providing the software, and now cloud services, they use to build and run their businesses. Unfortunately, like so many...
Amazon’s CloudHSM, a step in the right direction
Earlier this week Amazon Web Services announced their new CloudHSM offering. Essentially the service is a Luna SA appliance offered by SafeNet for each tenant, and can take at least two days to...
Keeping Trust Under Control Is the Key to IT Security
Security has its foundation in trust, but trust and control over the source of trust go hand in hand. What happens when a lack of control over the technologies on which trust is built means you can no...
The architects of our own destruction
Caesar, infrastructure, outsourcing and offshoring I never wanted to spend my life in IT. I passed a programming exam at high school because I promised the teacher I would never return. It was the...
gTLD security woes – the breakdown of trust
The recent news about the looming generic top-level domain (gTLDs) names that the Internet Corporation for Assigned Names and Numbers (ICANN) is adding has sparked mixed emotions. Dot-anything domain...
TRUST, Can You Put a Price On It?
The Ponemon Institute recently published the first-ever research on the cost of losing control of trust—that is, losing control of the cryptographic keys and digital certificates that underlie trust...
Do you trust in the internet, are digital certificates the new malware?
Organized criminals are using encryption keys and digital certificates against you on a daily basis. We’ve all come to trust that we securely communicate with websites as we go about our daily online...
Are Your Private Keys and Digital Certificates a Risk to You?
Last month I wrote about the use of digital certificates and encryption keys used nefariously against organizations. In the time it takes you to read this blog, 1388 new malicious programs would have been...
The High Financial Costs of Failed Trust
Trust comes at a price. However, while IT security professionals understand this, they often treat trust as an afterthought. As a result, companies suffer the consequences in unexpected recovery costs...
Stop Crimeware That Uses Keys and Certificates Against You
Again and again the news breaks: bad actors have succeeded in infiltrating an organization and stealing data. How did they get in, and how did they evade detection for long periods? Increasingly often,...
SSH Keys - Improved Security Controls or Improved Protocol?
As the use of Secure Shell (SSH) keys and related encryption services evolves and expands, security experts question what drives that evolution and are looking for ways to maximize the security...
Self-Signed Certificates-What’s the concern?
Because most advanced persistent threats (APTs) succeed when someone makes an innocent error—clicks that link, runs that Java application—you’re probably looking for ways to train employees to see...
Happy Birthday Black Hat – 16 Years of Attacks
This year Black Hat turns 16. In honor of its longevity, we’ve produced a new report that chronicles the evolution of cyberattacks and methods over the past 16 years. Looking back, the cyberattacks...
Black Hat 2013 Briefings Day 1 Report
The first day of Black Hat was all about the opening keynote: NSA Director General Keith Alexander’s opening stirred emotions but also shared some new insights into NSA operations. Most interesting...
Black Hat 2013 Briefings Day 2 Report
The last day of briefings at Black Hat 2013 was full of new attacks that every enterprise needs to be aware of. The attacks on the trust that’s established by keys, certificates, and underlying...
The Cybercriminal’s New Weapon: Insights from Forrester Research Every IT...
In the 21st century, there’s probably one certainty in life beyond death and taxes: cybercriminals will use what we’ve trusted against us. From email to online banking, cybercriminals hijack what we...