Walking the Tightrope of Security and Usability
Here at the RSA Conference 2016, the theme this year is Connect to Protect. It is a fitting theme for a gathering of security professionals, given the widespread adoption of...
RSA Conference Brings Privacy out of the Shadows
As RSA Conference 2016 draws near, I’m excited to see that privacy is at last getting its day in the sun. This topic has often seemed like an after-market...
Hiding in Plain Sight: Malware’s Use of TLS and Encryption
TLS (Transport Layer Security) is a cryptographic protocol that provides privacy for applications. TLS is usually implemented on top of common protocols such as HTTP for web browsing or SMTP for email. HTTPS is the usage of TLS over HTTP, which is the most popular way of securing communication between a web server and […]
Cisco Next Generation Encryption and Postquantum Cryptography
Cisco developed Next Generation Encryption (NGE) in 2011. NGE was created to define a widely accepted and consistent set of cryptographic algorithms that provide strong security and good performance for our customers. These are the best standards that can be implemented today to meet the security and scalability requirements for network security in the years […]
File Security With the Click of a Button
Securing our digital lives used to be simpler. Up until a few years ago, we primarily used email as a means for transferring or exchanging files between two parties. A handful of companies emerged to provide email encryption for those who needed it. Most other people did not worry about it. Today, file exchange has […]
Open Sourcing FNR an Experimental Block Cipher
Traditional block ciphers work on fixed blocks of data—as an example, AES is well-defined for 128/192/256 bits. But one of the issues is the need for padding—so if you need to encrypt small amounts of data you may end up with a huge difference in input vs. output size. As an example, using AES/128 on ECB […]
Taking Encryption to the Next Level: Enrollment Over Secure Transport Strengthens Adoption of Elliptic Curve Cryptograph …
Enrollment over Secure Transport (EST) is a new standard (RFC7030) designed to improve the lifecycle management of digital certificates, a key element for secure communications. Cisco Engineer Max Pritikin coauthored the EST standard. We’re very excited about the potential use cases of EST, which are, as we’ll discuss in a moment, pretty versatile. To understand […]
Safety first, business second, security none?
Based on 25 years of professional experience in various businesses around the globe, I can say that many industry verticals have a pretty good state of safety culture as it relates to the health and safety of their employees. This is especially true for companies involved in high-risk businesses such as oil and gas, (nuclear) […]
Detecting Payment Card Data Breaches Today to Avoid Becoming Tomorrow’s Headline
A few months ago we discussed the various ways that consumer PII is compromised. The recent attacks against Target and Neiman Marcus illustrate the constant threat that payment-card-accepting retailers of all sizes face. Yesterday Reuters reported that similar breaches over the holidays affected “at least three other well-known U.S. retailers”. Given the current […]