Information Security News
CounterTack Updates Sentinel Endpoint Threat Detection Platform
"Defending against advanced persistent threats and protecting our organization and customers from threats like Dark Seoul are our top priorities," Jae Woo Lee, general manager of the managed security service team at SK Infosec, said in a statement.
More security researchers are pulling out of next month's RSA security conference in protest of recent revelations that the event's namesake, EMC-owned subsidiary RSA, received $10 million to make an NSA-favored random number generator the default setting in its BSAFE crypto tool.
By Tuesday afternoon, there were eight previously scheduled RSA participants who had publicly cancelled their engagements. They included Adam Langley and Chris Palmer, both on various security teams at Google; Chris Soghoian, principal technologist for the American Civil Liberties Union; EFF special counsel Marcia Hofmann; Mozilla Global Privacy and Public Policy Leader Alex Fowler; Josh Thomas, who is listed as "chief breaking officer" at Atredis Partners; and Jeffrey Carr, CEO of security consultancy Taia Global. They joined F-Secure Chief Research Officer Mikko Hypponen, who announced his plans to withdraw two weeks ago.
"I've become convinced that a public stance serves more than self-aggrandizement, so I've pulled out of the Cryptographers Panel at RSA 2014," Langley wrote on Twitter Tuesday. "(I had already decided not to do it, but I pondered for a while whether I should say anything in public)," he wrote in a follow-up tweet.
A National Security Agency employee will continue to co-chair an influential group that helps to develop cryptographic standards designed to protect Internet communications, despite calls that he should be removed.
Kevin Igoe, a senior cryptographer with the NSA's Commercial Solutions Center, is one of two co-chairs of the Crypto Forum Research Group (CFRG), which provides cryptographic guidance to working groups that develop widely used standards for the Internet Engineering Task Force (IETF). On Sunday, the chair of the group that oversees appointments to the CFRG rejected a recent call that Igoe be removed in light of recent revelations that the NSA has worked to deliberately weaken international encryption standards.
"Widespread wiretapping by nation-state adversaries is a threat unlike any other in the history of the Internet, but I do not believe that preventing interested people from participating in the IRTF or IETF based solely on their affiliation will help us combat that threat," Lars Eggert, chair of the Internet Research Task Force (IRTF), wrote in an e-mail. The IRTF focuses on long-term research and is responsible for the CFRG and eight other research groups. Meanwhile, the IETF is a parallel organization that focuses on shorter term engineering standards that are crucial for the Internet, such as the Transport Layer Security (TLS) protocol for Web encryption.
CounterTack Unveils Next Generation of Sentinel for Endpoint Threat Detection ...
Marketwired (press release)
"Defending against advanced persistent threats and protecting our organization and customers from threats like Dark Seoul are our top priorities," said Jae Woo Lee, General Manager of the Managed Security Service Team, SK Infosec. "We needed a platform ...
The OpenSSL project has announced a new release, OpenSSL 1.0.0l, of its open source toolkit for SSL/TLS. The new release fixes several bugs, as follows:
Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014]:
Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:
Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:
Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:
Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
Check for malformed RFC3779 data CVE-2011-4577
For more details:
http://www.openssl.org/news/openssl-1.0.0-notes.html
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
In Search Of A Warmer Security Blanket
And the scariest of all of them is security. As Dave Piscitello, vice-president of security for ICANN, lamented in My 5 Wishes For Security In 2014, “Year-end security predictions are really hard for InfoSec practitioners, in no small part because so ...