Will Bar Mitzvah Be The Death Knell for RC4 Crypto?

RC4 is a stream cipher designed by Ron Rivest of RSA Security in 1987. It was attractive then because it could be implemented in a few lines of code and wasn't computationally intensive. PCs were 8088- or MC68000-based at the time, and 64K was enough RAM, remember? Even today RC4 has advantages. It runs fast on small devices,
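
To show how little there is to RC4, here is the cipher written out in Python as an added example (this is not code from the original post): the key schedule and the output generator together are about a dozen lines. The known-answer values come from RFC 6229 (key 01 02 03 04 05) and the widely cited "Key"/"Plaintext" vector. The last function is the practitioner's caveat: it counts how often the second keystream byte is zero across random keys, which exposes the Mantin-Shamir bias (roughly 1/128 instead of the 1/256 a good stream cipher would give), one of the statistical weaknesses that make RC4 keystream distinguishable and, given enough traffic, partly recoverable. The 16-byte random keys and the seeded generator are constructed for the demo.

```python
"""RC4 key schedule (KSA), output generator (PRGA), and a keystream-bias check.
Added example, not the original post's code."""
import random


def rc4_keystream(key: bytes):
    """Yield RC4 keystream bytes for `key` (1..256 bytes)."""
    # Key-scheduling algorithm: permute S under the key.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm: one swap and one lookup per byte.
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation): XOR data with the keystream."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def second_byte_zero_rate(trials: int, seed: int = 1) -> float:
    """Fraction of random 16-byte keys whose second keystream byte is 0.

    An ideal cipher gives about 1/256; RC4 gives about 1/128 (Mantin-Shamir).
    Keys are drawn from a seeded PRNG so the demo is reproducible (constructed input).
    """
    rng = random.Random(seed)
    zeros = 0
    for _ in range(trials):
        key = bytes(rng.getrandbits(8) for _ in range(16))
        ks = rc4_keystream(key)
        next(ks)                 # discard Z1
        if next(ks) == 0:        # test Z2
            zeros += 1
    return zeros / trials


if __name__ == "__main__":
    # RFC 6229 known answer: key 0102030405, first 16 keystream bytes.
    print(rc4_crypt(bytes([1, 2, 3, 4, 5]), bytes(16)).hex())
    print(rc4_crypt(b"Key", b"Plaintext").hex())
    print("P(Z2 == 0) over random keys: %.4f (ideal: %.4f)"
          % (second_byte_zero_rate(10000), 1 / 256))
```

The first two prints reproduce the published vectors; the third lands near 0.0078 rather than 0.0039, which is the kind of bias that no amount of key length fixes, because it lives in the generator rather than the key.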

> Read More

Infosec Haiku

Your information security haiku for this week

US / UK Say
National Security
Needs Crypto Backdoors


### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who has contributed a haiku … watch this space to see if yours is published.

> Read More

7 Things You Need to Know About HITECH

Today, Wednesday, February 17, 2010, marks one year since the HITECH Act of 2009 was signed into law. This means that most of the Act’s provisions are now enforceable, in particular the breach notification and penalty provisions. While most healthcare organizations are focused on the “meaningful use” requirement, for those of us in the IT security space it is the expanded PHR safeguards that matter.

> Read More

Chris’ Security Cache Contemplation: Week 5

Miscellaneous interesting news/tidbits I’ve run across whilst trying to keep up with/clean out my inbox …

Twitter Propaganda Posters. Thanks to the good folks at bOING bOING, I learned about these posters. Very cool, very funny … but there’s also a serious side to it: if your organization is going to take advantage of new social media tools such as blogs and Twitter (and I think in most cases you should),

> Read More

$10 Million Ransomware Demand: Brazen or Bonehead Move?

The recent incident at the State of Virginia website, where prescription records are currently being held for ransom with a demand for a $10 million payment, is not a new scammer methodology. Historically, however, scammers keep the ransom low to fly under the radar of law enforcement, so a $10 million demand clearly stands out as either brazen or simply stupid on the part of the bad guys,

> Read More

Nasty Virus / Trojan Lurking in the Wild

With Conficker still fresh in our minds, a new potential menace has emerged. A Trojan that spreads like a virus, W32.Virut.CF (Symantec) or W32/Scribble-A (Sophos), comes with remote access capability and is poised to wreak havoc on networks over the coming days. Because it embeds itself deep within infected machines, it will be difficult to clean up.

> Read More

Geeks.com Pwned by the FTC

Sometimes, I’m sure, folks out there think we’re in the scaremongering business. Take, for instance, the notion that failing to protect your customers’ Personally Identifiable Information (PII) can expose your organization to both direct *and* indirect costs. You can find this notion in ad copy and whitepapers from almost all security vendors,

> Read More

Adoption of Mobile Devices in the Workplace: Striking the Right Balance

Whether the economy is doing well or not, business leaders are always looking for the technological edge to bump up productivity and get more out of their workers. But new innovations always introduce new risks. The hallmark of a good C-level executive is the ability to balance the benefit of innovation with solid risk mitigation.

> Read More

To Keep or Not to Keep Barack Obama’s BlackBerry?

With the inauguration of President-elect Barack Obama just around the corner, there is a lot of debate around Obama’s plea to keep his personal BlackBerry over the objections of the Secret Service. Why? Because it raises two major concerns: public records, and the use of personal email by not just any elected official but the most powerful man in the country.

> Read More

China Seeks Control Over Encryption Products

As one site writes, here they go again. It appears that the Chinese government is planning to require that foreign computer security technology be submitted for government approval by May 1, 2009. According to the Associated Press, this will require official certification of technology widely used to keep e-mail and company data networks secure,

> Read More