What is the most secure way to authenticate electronic data? Until recently,
many technical people would have answered 'cryptographic keys' without
blinking. But recent headline events - and a 'biggie' last year - have
raised serious doubts about the ability of cryptographic keys to protect
vital government and corporate data.
Here are two examples from February that should make CIOs, CTOs and CSOs
tremble in their boardrooms: McAfee revoking keys for signing apps on the
Apple store; and stolen keys from Bit9 being used to sign malware.
In the McAfee case, a McAfee administrator revoked (by mistake) the digital
key for certifying desktop apps that run on Apple's OS X, thereby creating
serious problems for customers who wanted to install or upgrade Mac antivirus
The original Ars Technica article (McAfee revoking keys) noted that the
administrator intended ...
For Windows environments, it is critical that organizations can delegate
administration and establish granular privileges quickly and efficiently to
restrict administrators so they only access the servers and resources
required to perform their job and only during the approved times to perform
specific tasks. This white paper examines the security, compliance and
efficiency issues surrounding least privilege management for Windows servers,
and explains where native Windows tools fall short. It then describes how
Centrify's DirectAuthor...
Vancouver-based ENC Security Systems, which is supposed to make "un-hackable"
Encrypt Stick flash drive software, has released an Encrypt Stick 5.0 Private
Browser, a digital privacy browser that it claims is the safest way to browse
Its timing couldn't be better, considering the Federal Trade Commission is now
backing the development of a Do-Not-Track system for the web that's got the
online ad people worried about their $23 billion sector and claiming it will
mean the end of free content, and Firefox revisiting a Do-Not-Track mechanism
after Mozilla, pressured by an ad...
Last week, we saw that Defensive Security is not enough to solve the $1
trillion Intellectual Property and IT theft and cybercrime problem.
This week, more about Preventive Security.
Preventive Security is a set of technologies and processes used to prevent
security incidents from even being attempted. These include awareness and
training programs, establishment of proper policies and procedures and the
use of technology solutions in support of existing laws.
In fact, this is not very different from "regular" crime and how we deal with
it. We arm ourselves with the means to catch ...
Since launching ThreatConnect.com, Cyber Squared's Intelligence Support Team
has become more effective in managing, analyzing and sharing our Threat
Intelligence. While understanding the threat remains one of our core
requirements, we have also begun to fill a key gap that, we feel, many within
the industry are failing to address.
Providing effective Threat Intelligence requires more than just
characterizing the threat from a technical perspective. Instead, you must
strike a balance between providing technical context as well as non-technical
relevancy to the victim. Industry ...
Every business acknowledges that network security is critical. But how do you
quantify the business value that a secure network provides? And how does an
enterprise evaluate and justify investing in network security products like
next-generation firewalls, intrusion prevention systems and unified threat
While there is no exact formula or "cost of attacks" calculator, there are
some useful guidelines and research studies that can provide techniques and
resources for IT managers to develop their own cost model. There are three
core areas that are important f...