RC4 is an encryption algorithm designed by RSA in 1987. It was attractive then because it could be implemented in a few lines of code, and wasn’t computationally intensive. PCs were 8088 or MC68000 based at the time, and 64K was enough RAM, remember? Even today RC4 has advantages. It runs fast on small devices,
We live in alarming times.
Revelations by NSA whistleblower Edward Snowden woke many of us up to the risks posed by covert surveillance, and in just the last few days – following the ghastly events in Paris – UK Prime Minister David Cameron has called for secure communication apps to be made unlawful,
Unless you’ve been living under a rock for the past couple of months, you know about the tremendous fallout from Edward Snowden’s revelations on the extent of the NSA’s monitoring of … well … just about everything. Plenty of discussion out there – if you Google < nsa leaks > you’ll get over 80M hits in 0.22 seconds.
Today, Wednesday, February 17, 2010, marks one year since the HITECH Act of 2009 passed. This means that most of the Act’s provisions are now enforceable – particularly, the breach notification and penalties aspect of the Act. While most healthcare organizations are concerned about the “meaningful use” requirement, for us in the IT security space it is the expanded PHR safeguards that are important.
So, last week I wrote something about Windows 7 adoption – hope you found it interesting and useful. Today, I want to focus on its sister release, Windows Server 7 Server 2008 R2 (which I’m calling WS2K8 R2).
WS2K8 R2 is the latest version of Server 2008, which was originally released in early 2008.
Miscellaneous interesting news/tidbits I’ve run across whilst trying to keep up with/clean out my inbox …
Twitter Propaganda Posters. Thanks to the good folks at bOING bOING, I learned about these posters. Very cool, very funny … but there’s also a serious side to it: if your organization is going to take advantage of new social media tools such as Blogs and Twitter and such (and I think in most cases you should),
The recent incident at the State of Virginia website – where prescription records are currently being held for ransom with a demand for a payment of $10 million – is not a new scammer methodology. However, historically, scammers keep the ransom payment low to fly under the radar of law enforcement officials, so the demand for $10 million clearly stands out as either brazen or perhaps simply stupid on the part of the bad guys,
With Conficker still fresh on our minds, a new potential menace has emerged. The remote access capability of a Trojan that spreads like a Virus – W32.Virut.CF (Symantec) or W32/Scribble-A (Sophos) – is poised to wreak havoc on networks over the coming days. Embedding itself deep within infected machines, the Trojan will make it difficult to clean up.
Sometimes, I’m sure, folks out there think we’re in the scaremongering business. Take, for instance, the notion that failing to protect your customers’ Personally Identifiable Information (PII) can expose your organization to both direct *and* indirect costs. You can find this notion in ad copy and whitepapers from almost all security vendors,
Whether the economy is doing well or not, business leaders are always looking for the technological edge to bump up productivity and get more out of their workers. But new innovations always introduce new risks. The hallmark of a good C-level executive is the ability to balance the benefit of innovation with solid risk mitigation.
With the inauguration of President-elect Barack Obama just around the corner, there is a lot of debate around Obama’s plea to keep his personal BlackBerry over the concerns of his Secret Service. Why? Because it deals with two major concerns – public record and use of personal emails by not just any elected official but the most powerful man in the country.
As one site writes, here they go again. It appears that the Chinese government is planning to require foreign computer security technology be submitted for government approval by May 1, 2009. According to the Associated Press, this will require official certification of technology widely used to keep e-mail and company data networks secure,