Blog Details for "RSA Security Blog: A Blog for Security Professiona"
The RSA Security Blog, Speaking of Security, features a group of experts, each of whom has knowledge and interest in different areas of the industry: research, developer solutions, engineering and government policy. A Security Blog for anyone seriou
Articles
Speaking of Security Podcast #180
2010-03-16 01:00:00 RSA has announced enhancements to its RSA® Data Loss Prevention (DLP) Suite. Hear about them on this week's Speaking of Security podcast.
The Case for Supply Chain Integrity
2010-03-15 01:00:00 A couple of recent incidents are shedding some light on the complexity of ensuring software code integrity throughout the supply chain.
A Touch of Reality
2010-03-15 01:00:00 After my Aliens v. Code Breaking blog, I came across something by Tom St. Denis (a fellow Canadian who published TomLib and wrote...
Is tokenization important in a Chip & PIN world?
2010-03-12 01:00:00 One of the questions I get asked frequently is how tokenization works in countries that use EMV, commonly known as ‘Chip & PIN’. The dialogue usually...
Speaking of Security Podcast #179
2010-03-11 01:00:00 Colleges and universities in the US are now the latest target for phishing attacks. This week's Speaking of Security podcast discusses this new trend.
Are you smarter than a PC?
2010-03-10 01:00:00 A lot of hacking is playing with other people, you know, getting them to do strange things. -Steve Wozniak The unexamined life is not worth living -Socrates, Sec 38. My girlfriend Kathleen (who incidentally wants to start a food review blog with me since we've eaten at some amazing places recently)...
The CVV Loophole of Credit Card Fraud is Closed for Business
2010-03-09 01:00:00 One of the things I like to do when interviewing job candidates is to ask them questions about the world of fraud. I don’t expect them to prove that they’re certified fraudsters when they come in, but it can flesh out many paradigms that the candidates may already have. For example...
Aliens v. Code Breaking
2010-03-09 01:00:00 Last week, Andrea Pellegrini, Valeria Bertacco and Todd Austin published "Fault Based Attack of RSA Authentication" (I'll call it FBARA here for ease of reference) as I was boarding a plane to return from...
Videos from RSA Conference 2010
2010-03-04 01:00:00 See what people are saying about this year's RSA Conference.
Sounding the Depths of the Cloud
2009-12-21 01:00:00 “This is no job for a UN committee. It needs the same kind of unwavering dedication and the kinds of people that got us the first nuclear submarine and the first man on the moon.” - Wilson Greatbatch, inventor of the pacemaker
All The World's a Stage...and the Internet is an actor
2009-12-16 01:00:00 I saw an article in the New York Times by John Markoff and Andrew Kramer with the title “In Shift, US Talks to Russia on Internet Security,” and this sparked a few thoughts.
Speaking of Security Podcast #172
2009-12-15 01:00:00 This week's Speaking of Security podcast talks Tokenization. We discuss its advantages over encryption and how it can be applied in healthcare environments.
It's Your Serve U.S. Senate...
2009-12-11 01:00:00 Well, the old saying – “it’s better late than never” – definitely applies to what the U.S. House of Representatives accomplished on December 8th: the Congress finally passed a bill that would establish baseline data security requirements for organizations that have PII and federal standards for breach notification.
The Community Effect: Security Predictions for 2010 and Beyond
2009-12-11 01:00:00 I am playing to a certain extent with the word “honesty” here. In the statement “honesty is the best policy” I am making a statement about disposition, and in the second the definition of “honesty” changes. If I were to ask if it were an “ethical” policy, the answer is easy: yes it is.
Speaking of Security Podcast #171
2009-12-08 01:00:00 Michael Capellas, Chairman and CEO of First Data Corporation discusses the release of the latest Security for Business Innovation Council Report on this week's Speaking of Security podcast.
The Security Banana – Now is the Time to Elevate Security
2009-12-08 01:00:00 I am still getting asked for predictions on 2010, which I love to a certain extent; but after reading our SBIC report this year, I started to think about what really matters. I’ll go on a little tangent for a moment because I think this story makes some of the Human dimension of security a little more tangible: There is an almost apocryphal* (or perhaps it’s an Urban Legend) story of gorillas in a cage.
VPN Man-in-the-Middle Attacks: Fact or Fiction?
2009-12-07 01:00:00 It seems that just as we move forward in securing our networks, we take two steps back. Or do we? In 2006, the Office of Management and Budget (OMB) required two-factor authentication and VPN technology through the M-06-16 memo. Departments and Agencies moved quickly to deploy both two-factor authentication as well as VPN technology.
A European Take on Cloud Security
2009-12-02 01:00:00 I have practiced information security on both sides of the Atlantic Ocean and I have always been fascinated by the differences between the European and the North American approaches to security.
What does Cyber Monday mean for you and what should you do?
2009-11-30 01:00:00 It’s Cyber Monday again amazingly enough. For those who don’t know the phrase, it refers to the first Monday post-Thanksgiving (in the US). In the US, Black Friday is the name given to the Friday after Thanksgiving: that’s the day when most retail stores see the most business and “go into the black” due to massive volume.
Speaking of Security Podcast #170
2009-11-30 01:00:00 Why do Hackers hack? Sam Curry, RSA's VP of Product Management discusses the motivation of cyber criminals on this week's Speaking of Security podcast.
Underage Drinking, McLovin and Authentication
2009-11-24 01:00:00 "Just like getting up in the club with a fake ID. If it don't work, we gonna do it again" from Fight! Smash! Win! by Street Sweeper Social Club Average people are constantly going through authentication challenges without even realizing it. For instance, when most young people attempt to order an alcoholic drink at a bar they are in fact passing an authentication challenge. By producing a driver's license (the credential most people have), security agents (bouncers and bartenders) are checking to see that you are of legal drinking.
Malware Crystal Ball
2009-11-23 01:00:00 "Love of money and nothing else will ruin Sparta"(Life of Lycurgus, Plutarch) I was sitting down to write a blog on predictions for trends in Malware (as a follow up to my Phases of Malware blog) when I saw some interesting “breaking news”: there’s a worm that targets iPhone.
Curse of the Were-Laptop
2009-11-20 01:00:00 Richmond, Virginia - Sunday 8:00 PM ET The storm outside sent wave after wave of heavy rain drops that banged on the large window, trickling down into the garden bushes below. Distant thunderclaps rolled, making the glass vibrate every other minute, not before the bright flashes of lightning lit Jack's study.
Speaking of Security Podcast #169
2009-11-18 01:00:00 This week's Speaking of Security podcast presents an interesting discussion on healthcare data and the fraudster underground.
Social Networking and the Government -- Weighing the Benefits vs. the Pitfa
2009-11-18 01:00:00 Organizations everywhere have been rapidly adopting the use of social networking tools over the last couple of years and recent data suggests that the use of these tools has exploded exponentially in enterprises during the last six months of 2009. For more on that phenomenon, see this recent story in Government Computer News. During its first year, the Obama Administration has encouraged the adoption of social networking tools by federal government agencies to help increase information sharing, improve collaboration, and foster more transparency in government.
The Heist
2009-11-13 01:00:00 A stealthy hack into a financial system; manipulation of data by exploiting hidden vulnerabilities; an international cash-out operation of gargantuan proportions reminiscent of Al-Qaeda multiple-attack plan. FBI agents working internationally to trace the criminals and bring them to justice. All the elements of a good Hollywood Heist film, except it happened for real.
Deep Inside a Reshipping Scam: Mules Victimized by "Air Parcel Express"
2009-11-12 01:00:00 Since last fall the RSA FraudAction Research Lab has tracked several different reshipping scams engineered by online fraudsters to “Cash Out” merchandise purchased using stolen payment cards through the involvement of mules. We will profile one such scam in-depth – Air Parcel Express – that was discovered by RSA. First we will outline who is involved in a reshipping scam and how they generally operate.
When Renegotiation is a Bad Thing: MITM Attacks on SSLv3/TLS Protocol
2009-11-12 01:00:00 Over the last few days, an attack against the SSLv3/TLS protocol was made public. The following is my opinion based on public information and industry discussion. TLS is the current version of a protocol that was originally developed by Netscape (under the name of SSL). The protocol was originally developed to secure connections between a web browser and a web server. The protocol has since found application in areas as diverse as protecting email services to virtual private networks. It is the Internet standard for communication between programs running on different machines on the Internet.
The Phases of Malware: The Virus is another year older!
2009-11-10 01:00:00 Having done virus research first hand and having been involved in the industry for nearly 20 years, I am never surprised at the doom saying around viruses. I have also seen (and presented) many different “virus” timelines (like this well-done article from Wired reporter Kim Zetter). Today, I saw another one because it’s November 10th. Why does that day matter? It’s the day that viruses finally got a name, and it was our own Len Adleman (the “A” in RSA) who coined it in 1983.
Speaking of Security Podcast #168
2009-11-10 01:00:00 This week's Speaking of Security podcast discusses how to secure your first job, or move into a better one in the IT security industry. Two employment experts talk about how they can help.



