Merchants need to start planning TLS migration
Merchants using SSL encryption to protect transactions will soon have to upgrade to TLS -- but not all payment vendors are ready.
Maria Korolov | 03 Apr | Read more
Merchants using SSL encryption to protect transactions will soon have to upgrade to TLS -- but not all payment vendors are ready.
Maria Korolov | 03 Apr | Read more
Coinbase set to open first regulated Bitcoin exchange ... Malaysia Airlines suffers big hack ... Wikileaks says Google passed data to U.S. ... and more news
IDG News Service staff | 26 Jan | Read more
The National Institute of Standards and Technology needs to hire more cryptographers and improve its collaboration with the industry and academia, reducing its reliance on the U.S. National Security Agency for decisions around cryptographic standards.
Lucian Constantin | 16 Jul | Read more
Now that the US National Institute of Standards and Technology has finalized the much-discussed cybersecurity framework, organizations can use it as the guideline for measuring how well their systems are secured.
Joab Jackson | 14 Feb | Read more
After delays due to the government shutdown, the National Institute of Standards and Technology (NIST) released on October 22 its latest version of a comprehensive cybersecurity framework for critical infrastructure as mandated by President Obama's February cybersecurity executive order (EO). This preliminary framework is subject to a 45-day public comment period, after which NIST will make revisions and then produce a final framework for publication in February.
Cynthia Brumfield | 24 Oct | Read more
Controversial crypto technology known as Dual EC DRBG, thought to be a backdoor for the National Security Agency, ended up in some Cisco products as part of their code libraries. But Cisco says they cannot be used because it chose other crypto as an operational default which can't be changed.
Ellen Messmer | 17 Oct | Read more
Plan's self-regulatory approach toward industrial control systems 'doesn't do us a hell of a lot of good,' another expert said
Antone Gonsalves | 05 Sep | Read more
Following through on an order earlier this year from U.S. President Barack Obama, the National Institute of Standards and Technology (NIST) is rapidly developing a set of guidelines and best practices to help organizations better secure their IT systems.
Joab Jackson | 29 Aug | Read more
The National Institute of Standards and Technology (NIST) held in San Diego last week the third of four workshops to develop a comprehensive cybersecurity framework for critical infrastructure as required under an executive order signed by President Obama on February 12, 2013. NIST's goal with the workshop was to solicit feedback from nearly five hundred attendees to generate content for the preliminary draft framework, which is due in early October.
Cynthia Brumfield | 18 Jul | Read more
National Vulnerability Database break-in comes as President Obama presses for stronger cybersecurity this week with corporate leaders
Antone Gonsalves | 15 Mar | Read more
Any business that anticipates using cloud-based services should be asking the question: What can my cloud provider do for me in terms of providing digital forensics data in the event of any legal dispute, civil or criminal case, cyberattack or data breach?
Ellen Messmer | 06 Mar | Read more
In a look at the number of vulnerabilities recorded over 25 years in software products and open source, a researcher at Sourcefire has determined that Microsoft Windows XP and the Mozilla Firefox browser stand out as the two with the largest number of high-severity vulnerabilities.
Ellen Messmer | 25 Feb | Read more
Passwords are the most widely used security mechanism on the Web, so beefing up hashing algorithms, utilized to protect them, is important
Antone Gonsalves | 15 Feb | Read more
Symantec today began offering multi-algorithm SSL certificates for Web servers that go beyond traditional crypto to include what's known as the Elliptic Curve Cryptography (ECC) Digital Signature Algorithm (DSA), which the firm says will be 10,000 times harder to break than an RSA-bit key. Certificates are used to prove site identity to the visitor through a validation check that involves the user's browser and the site certificate, and Symantec is making the argument that authentication will happen faster using this particular ECC algorithm.
Ellen Messmer | 13 Feb | Read more
Applications for domestic drone licenses are increasing steadily, even as privacy concerns related to their use over the U.S. continue to mount. Some states are even moving to ban them all together.
Jaikumar Vijayan | 08 Feb | Read more