Data Security

Tame that POODLE: Managing the Latest SSL Vulnerability

Last week the OpenSSL project released an advisory that describes a new SSL vulnerability. Now commonly known as “POODLE” ("Padding Oracle On Downgraded Legacy Encryption"), this vulnerability is less dangerous that its predecessor, the Heartbleed bug—primarily because of the conditions needed to exploit it (see below). 

POODLE is essentially an attack on the SSLv3 protocol. It was discovered in September (and published on October 14) by Google employees Bodo Möller, Thai Duong, and Krzysztof Kotowicz.

7 Technologies that Impact PCI

A few weeks ago I had a chance to attend the PCI Security Standards Council’s 2014 North American Community Meeting in Orlando, Florida. (PCI is shorthand for the Payment Card Industry Data Security Standard, a guideline to help organizations that process, store or transmit card payments.) Two highlights for me were presentations by the PCI’s new general manager Stephen W. Orfei, and another by Adm.

Specializing and Generalizing in the World of InfoSec

As with most professions these days, information security specialists need to continually strike a balance between focusing on the issues most relevant to their jobs—while keeping at least an eye on what’s going on everywhere else. One of the more efficient ways to do this is to attend conferences, which help you learn a lot about a lot of things—in a short amount of time.

In the Wake of Heartbleed Part 3: How Enterprise Cloud Manager Gave Customers an Advantage over Heartbleed

As the old saying goes, when you’re being chased by a bear, you don’t have to run faster than the bear. You just have to run faster than the people you’re with. The same is true when it comes to data security.

Guest Blog Post from Kent Woodruff on Internet World

Post Heartbleed, those of us involved in network security could take a lesson from the CDC. One of the biggest barriers to stopping the repeated threats of an Avian Flu pandemic is the resistance on the part of many nations to share information when the flu takes hold in their country. We saw this in May 2013 when China refused to release English-language versions of relevant statistics and facts about an outbreak in their country of a new bird flu called H7N9.

In the Wake of Heartbleed Part 2: All Hands on Deck

I talked last week about how the Heartbleed bug was unique in how long it went undiscovered, how many things it affected, and how hard it was to tell if anyone had used it to access data. Today I’d like to talk about what CradlePoint did to reestablish protections for our customers.

In the Wake of Heartbleed Part 1: Three Observations

Now that the dust has settled in the aftermath of the Heartbleed bug, I thought it might be useful to summarize some of the things CradlePoint learned and did that will help us better protect our clients in the future.  Let me be clear that CradlePoint acted swiftly to resolve the issues created by Heartbleed as soon as the vulnerability was discovered. I’ll talk about the remediation steps we took in my next post.

Network Security Part 2: How a Monolithic Network Opened the Door to Target Data

On Thursday, Dec. 19, 2013, Target revealed that data from 40 million of its customers’ credit and debit card accounts had been accessed by hackers. I’d like to discuss how and why this happened. But before I do, I want to make it clear that I’m not singling out Target as having done anything wrong. I’m using what happened to them simply to illustrate the kind of situation many companies are facing—even those with very good security systems and personnel.

Network Security Part 1: Is Your Company Depending on a Monolithic Network?

CradlePoint got its start six years ago by providing redundancy for companies with multiple remote locations. A good example is how, after Hurricane Katrina, one of the largest insurance companies in the nation bought 18,000 of our devices and installed them in every single one of their branch offices. By utilizing CradlePoint to provide a cellular network-based failover solution to back up their primary Internet connection, the company took a big step forward toward protecting its business continuity.

4½ Steps to Securing Your M2M Solutions

As businesses enter the Internet of All Things, the recurrent concern of security is not far behind. Whether it’s POS devices, digital signage, customer Wi-Fi, kiosks, video surveillance—or even HVAC control, every new connected device brings with it the risk of an information breach.