The latest technologies and best practices to secure local, virtual, cloud, and hybrid networks.
Digital certificates lie at the heart of Public Key Infrastructure (PKI) security technologies such as encrypted email, document signing, VPN access, server SSL authentication, and software code signing. Certificates are a vital part of PKI because they provide a means to establish the ownership of an encryption key. If you have someone else’s public…
According to KrebsOnSecurity’s Brian Krebs, a 2010 FBI cyber intelligence bulletin reported that cyber attacks on smart meters have already cost a single electric utility in Puerto Rico, the Puerto Rican Electric Power Authority, as much as $400 million a year. “The FBI warns that insiders and individuals with only a moderate level of computer…
Exploits that take advantage of SQL Injection (SQLi) vulnerabilities in software are among the most dangerous and prevalent attacks on the Internet today. In a SQLi attack, hackers typically take advantage of security flaws in web application software to pass malicious commands to a database back-end. A SQLi vulnerability can potentially enable an attacker to…
The numbers are staggering. About 750 million airline passengers must remove their shoes every year because one lone nut, Richard Reid (now a resident of a supermax prison in Colorado), once tried to blow up a plane with a shoe loaded with pentaerythritol tetranitrate (PETN). The hordes of stamping stockinged feet notwithstanding, PETN is not detectable…
Full-disk encryption (FDE) used to be a software-only proprietary solution. But over the past couple of years, a hardware-based hard drive standard has emerged in the form of Opal Security Subsystem Class, or just Opal for short. Developed by the Trusted Computing Group (TCG), a not-for-profit international standards organization, Opal is used for…
Call Ondrej Krehel the poster boy for the password problem that is confronting all of us. Password protection on corporate servers is proving to be dangerously porous — think Sony, Citigroup, even RSA Security — and that ups the pressure on every user to use a unique password with each website and Web service. That…
Before you sell or get rid of your computers—whether working or not—you should clean them of sensitive documents and data. To be completely safe, you should do this even if you plan on keeping them around in your garage or a closet. You never know who will get their hands on your old computers.…
Critical software vulnerabilities are increasingly being found — not in the operating system — but in applications and major databases. The information comes out of a new quarterly report, the Top 20 Internet Security Vulnerabilities from the SANS Institute, a major source of security training and certification based in Bethesda, Md. Analysts from SANS had been…