back door

Suspect NIST crypto standard long thought to have a back door

The agency is advising against using an elliptic curve algorithm adopted in 2006 that has concerned cryptographers from the beginning.

FDAS

Forensics tool makes sure investigators don't come up empty

CyanLine's Fast Disk Acquisition System gives forensics teams a real-time preview of what's on a drive, including whether it's set to prevent copying.

scam

Officials warn of spoofed health exchange websites

The look-alike Web pages may be created by interest groups, private insurance companies and, sometimes, scammers looking to gather personal information.

PIV

PIV credentials can now be used with mobile devices

The latest revision of FIPS 201, which sets the requirements for PIV cards, includes credentials for mobile devices and new interfaces to enable access with contactless connections.

Football referees check instant replay machine

NSA reports prompt NIST to reopen public review of crypto standards

Public concern over possible tampering by the NSA has led NIST to reopen the comment period on a suite of publications, but the IT security community isn't worried.

iPhone scan

Is the new iPhone's fingerprint scanner a sign of things to come?

If opened to app developers, Apple's Touch ID could give another authentication option to agencies looking to manage mobile devices, especially if other smartphone manufacturers follow suit.

cybersecurity

How do you protect DNS from hacktivists like SEA?

DNSSEC can be an effective tool -- but only one tool -- in preventing redirection attacks such as those carried out recently by the Syrian Electronic Army.

USPS

The key to getting your money's worth out of IT security tools

Holding the vendor accountable for results — and right away — is the first step in getting value from your cybersecurity investment, said USPS information security officer Chuck McGann.

secure text

R U secure? Encrypted texting expands to Android OS.

Silent Circle releases its latest end-to-end encryption tool, which enables secure texting between Apple iOS and Android platforms. A secure, peer-to-peer email app is due next year.

keys

Key-sharing tech helps combat encrypted DDoS attacks

Prolexic's SSL key-sharing tools make it easier to detect and stop encrypted Layer 7 DDoS attacks while customers maintain control of their SSL keys.

building

How USPS merges compliance, security in its huge enterprise

The Postal Service now is using the RedSeal network monitoring platform, originally intended to evaluate firewall rules, to improve situational awareness and operational security across its extended enterprise.

automation

Agencies must put more emphasis on automation

Defending against the steady growth in cyberattacks requires continuous monitoring and automated responses, and that could mean shifting resources.

Topic Resources

  • Update on Assessment & Authorization (A&A) Processes for Cross Domain Solutions

    As introduced in our latest certification and accreditation (C&A) basics webcast (“Navigating Certification & Accreditation – A Primer) C&A terminology is transitioning to assessment and authorization (A&A). See the associated white paper “From C&A to A&A – The RMF Shoe Has Dropped.” Continuing the transition discussion, Raytheon Cyber Products and Steve Welke are pleased to present a webcast updating the latest information on A&A processes for cross domain, multilevel security solutions. Join Steve Welke, an A&A industry expert, as he discusses the A&A principles, requirements and processes.

  • Increase Data Security through Your Print Solution

    You’ve consolidated your desktops with virtualization and moved your data to the cloud. What else can you do to obtain additional costs savings and increase security while keeping your network flexible? Connect print and digital information from across your organization with the people who need it, exactly when they need it. Join this webcast to learn how security software and printing solutions work together to eliminate extraneous printers at multiple sensitivity levels, allowing organizations to recognize significant savings from reduced hardware, space, power, support and supplies.

  • IBM i2 National Security and Defense Intelligence Demo

    In this video IBM Product Manager James Vincent presents an overview and demo of IBM® i2® National Security and Defense Intelligence—a cost effective information exploitation solution that provides data acquisition, multi-faceted intelligence analysis and multi-agency and partner collaboration features.