Blogs

Showing Blog Posts: 1–10 of 27 tagged Encryption

  • How We Foiled Ransomware and Got the Files Back

    by RSAC Contributor on June 5, 2015

    Derek Soeder is a senior threat researcher at Cylance. In this post, Soeder discusses how he and his team reverse engineered ransomware to recover the password used to encrypt client files. In the interest of length, some of the technical steps the team took have been omitted from this story. Read on to find out just what Soeder had to do to retrieve client data being held hostage by ransomware. In…

  • Effective Database Cloud Security: The Holy Grail of Every Company

    by Christopher Burgess on May 22, 2015

    Enterprises rely on metrics to track where they are and where they're heading. Databases have three: availability, accessibility, security. The latter—securing data at rest and in motion while users engage with the data—is still a challenge for many organizations. Database cloud security is still a relatively new concept, and isn't always easy to grasp. It was already complex for many C-suite…

  • Pick Out Your Peer-2-Peer Sessions for RSA Conference

    by Fahmida Y. Rashid on April 17, 2015

    If you are interested in sitting in a room digging into a specific security topic with other people, the Peer-2-Peer sessions are for you. The goal is to get peers—people in other organizations with similar job functions and roles—in one place so that everyone can share what they are doing and have learned. Wondering which conversation will be the most relevant to your job role and concerns? We…

  • Which Peer-2-Peer Session at RSAC 2015 Interests You?

    by Fahmida Y. Rashid on April 15, 2015

    Have you checked out a Peer-2-Peer session yet? In a Peer-2-Peer session, you explore a specific security topic with other like-minded peers and a facilitator. There are quite a few sessions, covering enterprise defense, incident response, and privacy, just to name a few. We asked each session facilitator to provide a short summary to help you decide which session will be the most relevant to your…

  • Securosis Guide: Data Security

    by Securosis Team on April 13, 2015

    This post is part of a multi-part series about the Securosis Guide to the RSA Conference (download the RSAC-G PDF). Please scroll to the bottom for links to other posts in the series. Data security is the toughest coverage area to write up this year. It reminds us of those bad apocalypse films, where everyone runs around building DIY tanks and improvising explosives to "save the children," before…

  • Bulletproof SSL and TLS

    by Ben Rothke on November 24, 2014

    If SSL is the emperor’s new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it’s indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL/TLS…

  • Security in the Cloud? Your Questions and Cloud Resources

    by Christopher Burgess on October 16, 2014

    The "cloud" is a nebulous concept. The "private cloud" is not as clearly defined as the "public cloud," but it is still confusing. Of course, we have a long list of questions regarding the cloud, but it's important to ask questions specifically about how cloud data is stored and kept secure. Resources to secure the cloud are plentiful. Here are some of the most important questions organizations…

  • Keeping Private Data Private: Tips and Tricks

    by Joshua Marpet on July 4, 2014

    Companies produce data. Some of it is public data, some private data. The classification of data into public and private is important, but right now, the means to keep data private is incredibly important as well. Keeping data private is a process. It starts with examining the use cases for the data. Is this piece of information going to be used every day? Or does it just need to be stored in…

  • Security without Obscurity: A Guide to Confidentiality, Authentication and Integrity

    by Ben Rothke on June 16, 2014

    Having worked at the same consulting firm and also on a project with author J.J. Stapleton (yes, that was full disclosure), I knew he was a really smart guy. In Security without Obscurity: A Guide to Confidentiality, Authentication and Integrity, Stapleton shows how broad his security knowledge is to the world. When it comes to the world of encryption and cryptography, Stapleton has had his hand…

  • Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions

    by Ben Rothke on May 26, 2014

    The only negative thing to say about Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions is its title. A cursory look at it may lead the reader to think that this is a book for a script kiddie, when it is in fact a necessary read for anyone involved with payment systems. The book provides a wealth of information that is completely pragmatic and actionable. The problem is, as the…

This document was retrieved from http://www.rsaconference.com/blogs on Wed, 01 Jul 2015 23:37:57 -0400.
© 2015 EMC Corporation. All rights reserved.