Symantec's stunning decision to put $1.28 billion in cash on the table to buy most of the security services within VeriSign is a gambit that is drawing mixed reactions in the analyst community, but Symantec insists the VeriSign certificate and authentication services are key elements in what's shaping up to be one of the biggest self-transformations ever in the security industry.
A mish-mash of security issues came up this week, everything from how to protect virtualized environments to a system that protects copper in utility sites from robbery and a story about digital certificate thefts.
Following the success of researchers last week in creating a false SSL certificate based on VeriSign's RapidSSL brand, the company is scrambling to explain how it happened, how it's preventing it from reoccurring, and whether its other SSL certificate-generation services are at risk.
Digital Certificate Authority (CA) Trustwave revealed that it has issued a digital certificate that enabled an unnamed private company to spy on SSL-protected connections within its corporate network, an action that prompted the Mozilla community to debate whether the CA's root certificate should be removed from Firefox.
Mozilla plans to ask all certificate authorities to review their subordinate CA certificates and revoke those that could be used by companies to inspect SSL-encrypted traffic for domain names they don't control.
Internet security gurus and leading vendors are urging the U.S. federal government to rapidly deploy security and authentication mechanisms at the top level of the DNS hierarchy, which is known as the root zone.
The debate over the self-signed certificate issue in Firefox 3.0 has fostered an add-on from Carnegie Mellon researchers and it seems a prevailing tide that Mozilla is headed down the right path.
In order to get its Linux distribution to run on the next generation of secured desktop computing hardware, the Fedora Project will obtain a digital signature from Microsoft, a developer from the project announced Wednesday.
The latest iOS update corrects a security flaw in how Apple's mobile OS handled security certificates. Without it, hackers can create their own certifcates, opening iPhone and iPad sessions to capture and decryption.
Anyone wanting to buy mobile-device management (MDM) software to manage Apple iOS devices will find they need a special digital certificate from Apple to activate it, a requirement that doesn't apply to the same MDM software that would be used to manage Google Android devices, for instance.
This is another in an occasional series of articles looking at computer incident response team (CIRT) management. In the last column, I discussed incident postmortem analysis. Today I want to look at root-cause analysis.
This is another in an occasional series of articles looking at computer incident response team (CIRT) management. In my last column, I discussed the importance of root-cause analysis. Today I'd like to present arguments in favor of systematic dissemination throughout the organization of the knowledge gained through incident postmortem and root-cause analysis.
There are a wide range of tools available for boosting application performance over the WAN, but it’s not easy to figure out which ones are appropriate for each enterprise.
State of Illinois had placed a big bet on public-key infrastructure (PKI) for e-commerce, but that was becoming a losing bet three years ago as state agencies floundered with issuing digital certificates. But a drastic change to centralize certificate issuance through the Illinois IT department saved the project, among the most ambitious for PKI in the country.
Last time, we talked in some additional detail about the root cause of VoIP call quality degradation for users who subscribe to a BYOB (bring your own broadband) VoIP service. Today, we'd like to propose a few alternative solutions.
Compuware this week made available an upgraded release of its flagship management software that the vendor says will help IT managers more quickly determine the root cause of poorly performing applications.
Worried about poor online data management and certificate forgery among students, the Nigerian government has established the National Universities Commission Data Base (NUCDB).