The High/low Entropy Rant for Cryptography

We had another discussion of entropy today.  In computing, entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data, a quick search of Wikipedia will tell you.  And you may well know, a lack of entropy can have a negative impact on performance The post The High/low Entropy Rant for Cryptography appeared first on HPE Security - Data Security.
Read more

On Bug Bounty Programs: An Interview with HackerOne’s CEO

In September 2017, I created a list of 10 essential bug bounty programs for 2017. Readers with a keen eye to detail might have noticed that nearly half of the companies included in that catalog host their vulnerability research programs, otherwise known as vulnerability disclosure programs and responsible disclosure programs, through HackerOne. A popular bug … Read More The post On Bug Bounty Programs: An Interview with HackerOne’s CEO appeared first on The State of Security.
Read more

Encryption would NOT have saved Equifax

I read a few articles this week suggesting that the big question for Equifax is whether or not their data was encrypted. The State of Massachusetts, speaking about the lawsuit it filed, said that Equifax "didn't put in safeguards like encryption that would have protected the data." Unfortunately, encryption, as it's most often used in these scenarios, would not have actually prevented the exposure of this data. This breach will have an enormous impact, so we should be careful to get the facts right and provide as much education as possible to law makers and really to anyone else affected.We know that the attack took advantage of a flaw in Apache Struts (that should have been patched). Struts is a framework for building applications. It lives at the application tier. The data, obviously, resides at the data tier. Once the application was compromised, it really doesn't matter if the data was encrypted because the application is allowed to access (and therefore to decrypt) the data.I won't get into all the various encryption techniques that are possible but there are two common types of data encryption for these types of applications. There's...
Read more

5 Key Items for the Digital Transformation of Healthcare

People’s lives are at risk as the healthcare industry transforms patient care with modern IT technologies. Data security and application availability are essential when a patient’s medical information is on the network. Hospitals and medical practices are digitizing healthcare applications like x-rays, CAT scans, medication distribution and surgical procedures using interactive video. In addition, patient The post 5 Key Items for the Digital Transformation of Healthcare appeared first on Radware Blog.
Read more

Globe Imposter Named Second Most Prevalent Malware for August 2017

Globe Imposter earned the dubious title of second most prevalent malware for its impact on organizations worldwide in August 2017. Researchers first discovered Globe Imposter, a crypto-malware family that masquerades as Globe ransomware, in May 2017. The digital threat’s proliferation remained steady for several months. But in August 2017, the ransomware revved up its distribution … Read More The post Globe Imposter Named Second Most Prevalent Malware for August 2017 appeared first on The State of Security.
Read more

How do a credit freeze and format-preserving encryption share a similar best-practice approach to protect your data?

Like many ordinary consumers in recent days, I’ve been asking the same question: How best to defend my identity online, given the news of another “mega-breach” compromising my personal data? On one hand, we can appreciate businesses are using personal details to enable more customized products and services that meet our needs. Brand loyalty and The post How do a credit freeze and format-preserving encryption share a similar best-practice approach to protect your data? appeared first on HPE Security - Data Security.
Read more
Page 1 of 912345...Last »