Blogs

Showing Blog Posts: 1–10 of 647

  • Bulletproof SSL and TLS

    by Ben Rothke on November 24, 2014

    If SSL is the emperor’s new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it’s indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL./TLS…

  • Network Intrusion: NIDS and Detection

    by Robert Moskowitz on November 24, 2014

    Network intrusions—any unauthorized activity on a computer network—utilize network resources that can be better used for other, authorized, purposes. They threaten the security of the network and data. There are a variety of ways to detect an intrusion, including monitoring network logs, sniffing network traffic, and real-time filtering for specific network events. At a minimum, network security…

  • Which Is It: Privacy vs. Security, or Privacy and Security?

    by Christopher Burgess on November 21, 2014

    The age-old question: is it "privacy vs. security" or "privacy and security"? This year, we’ve seen data breach after data breach affecting companies of all sizes and across all industries. We’ve also seen victims grapple with privacy headaches in the aftermath. It would seem, then, that security and privacy are intertwined. But when considering the users and how they interact with company data, …

  • Registration is Now OPEN for RSA Conference 2015!

    by Linda Gray on November 20, 2014

    The holidays are fast approaching and that means another year has flown by. For everyone here at RSA Conference, that also means it’s crunch time as we prepare for the 2015 event. With that, we’re excited to announce registration for RSA Conference 2015 is now open! Be sure to mark your calendars – this year’s event is April 20-24 at our usual location in San Francisco’s Moscone Center. Each year, …

  • Guidelines For Retailers This Holiday Shopping Season

    by Fahmida Y. Rashid on November 19, 2014

    The holiday shopping season is looming, and retailers are gearing up for Black Friday and other sales. It's been a year since criminals infiltrated Target's networks with malware and made off with millions of credit card details. Retailers are scrambling to get everything ready for the shoppers and deals; we hope their networks are secure and ready, as well. Or will cyber-criminals have another…

  • Security Storage: To HSM or Not To HSM?

    by Joshua Marpet on November 18, 2014

    Information security storage is necessary; without it, how would Amazon know what it is selling or what product recommendations to make? How could it store the shopper’s credit card information to make purchases with a single click? While consumers would like to think their credit card information, purchase history, and other personalized data is stored securely, that is not always the case. …

  • The Human Element in the Data Breach

    by Christopher Burgess on November 17, 2014

    We are all familiar with the adage, "to err is human; to really foul things up requires a computer," which implies that the computer may be to blame for many data breach calamities. Alas, it appears the erring human is also culpable. Take, for example, the recent kerfuffle surrounding Apple's iCloud and the compromise of celebrity accounts containing salacious photos. After much slinging of…

  • Social Engineering 2.0: Old-Fashioned Targets, Cutting-Edge Techniques

    by John Linkous on November 14, 2014

    Back in 2006, a large company in Chicago contracted my company to conduct an advanced information security controls assessment. In addition to looking for technical vulnerabilities—unpatched servers, web app vulnerabilities, open ports that should be closed, and the like—we were also contracted to conduct a social engineering assessment. On the first day of our technical assessment, our team…

  • Source Code: The Last Frontier of Security Threats

    by John Linkous on November 13, 2014

    My consulting firm is increasingly receiving requests from customers to help them address what seems to be the last frontier of security analysis: source code. As an analyst, I have a lot of tools at my disposal for identifying problems in both compiled code and p-code. Security, after all, started out as a black box-oriented approach to figuring out answers to problems; we know what the specs of…

  • Are Security Teams Ready to Handle the End of Year Challenges?

    by Fahmida Y. Rashid on November 12, 2014

    While we continue with the budget discussion, it's important to think about some of the unique challenges present as we approach the end of the calendar year. There are various things security professionals need to do at this time of the year, and David Matthews discusses some of them on Nov. 20 in Incident Response: Are You Ready for the End of the Year? As the former director of incident…

This document was retrieved from http://www.rsaconference.com/blogs on Thu, 27 Nov 2014 04:20:23 -0500.
© 2014 EMC Corporation. All rights reserved.