Video Screencast Help
Search Video Help Close Back
to help

Encryption Blog

Showing posts in English
The Multimillion Dollar CD
Shilpi Dey | 05 Nov 2012 | 0 comments

Shilpi Dey - Product Marketing Manager

Recently, three HSBC firms were fined several millions of dollars for "failing to adequately protect customers' confidential details from being lost or stolen". Sensitive customer data in the order of 180,000 records was sent to third parties on CDs and simply got lost in the mail. While no customer reported a loss from the failure, the Financial Services Authority (FSA) did not take too kindly to what they termed as the firms being "careless" and fined them to the tune of $5.3M.  As the HSBC firms tally their multi-million dollar fines during what’s described as one of the worst economic climates in the world's history,  the old adage comes to mind: penny-wise and pound foolish.

For the record, I'm not trying to pick on HSBC here, these kinds of breaches have now been reported by nearly...

Read more
Einstein III
Doug McLean | 05 Nov 2012 | 0 comments

Doug McLean - Blogmeister

The Washington Post broke an interesting story just before the Independence Day holiday about the issues the National Security Agency (NSA) has encountered in deploying their latest cyberdefense system. The Post requires a log-in to view the story, but the Wall Street Journal also covered the topic in more depth and it’s open to all to read, which I strongly recommend to anyone that cares about cybersecurity.

The basic story runs as follows. The Bush administration chartered the NSA with developing a comprehensive solution to both detect and block cyberattacks aimed at federal networks. The system, named Einstein, was originally deployed in 2002, though the functionality of the system was limited to intrusion detection, no countermeasure...

Read more
Why Standards are Necessary for Future-proofing your data security solution
Brian Tokuyoshi | 05 Nov 2012 | 1 comment

Brian Tokuyoshi - Product Marketing Manager

I recently met with a customer who was concerned about his data retention policies. He’s responsible for a number of servers and data on mainframes, and he fully supports the idea of doing encryption to keep it safe.

This particular customer understands the  value of using open standards for encryption. He said the following to me. “We’re encrypting data and backing it up. So let me ask you what you think, you backup the data, you backup the key, but do you backup the application?” That’s a problem that never occurred to me, because PGP Encryption Platform applications use the OpenPGP standard. Files encrypted with PGP software can be decrypted with other software that supports the...

Read more
The Critical Need For Encrypted Email
Robin Witty | 05 Nov 2012 | 0 comments

Robin Witty-Senior Product Marketing Manager

Are your company's emails really secure? Do you know for sure when most email sent over the Internet is in clear text and can be read by anyone with simple tools and know-how. Similar to the old party line telephone systems where neighbors could listen in on your phone calls, unauthorized parties can obtain confidential information from unencrypted corporate emails including valuable intellectual property or third party data that may require protection regulated by law.

If you think email breaches can’t happen to your company, consider a couple of high profile email breaches. Sarah Palin’s personal emails were posted to the web and her password was changed by a hacker. A...

Read more
Black Hat Illuminates Russian Cybercrime Gangs
Doug McLean | 05 Nov 2012 | 0 comments

Most of the news coming out of the Black Hat conference in Las Vegas focused on the new attack on AES and the bootkit attack on the TrueCrypt full disk encryption product. While these are certainly compelling pieces of research, I also found the reviews of the session on Russian organized crime to be quite interesting. The session was co-hosted by the FBI and McAfee and focused on the causes and consequences of the old line Russian criminal gangs entering the cybercrime business.

Make no mistake, these guys are not hackers that just happen to have turned to the dark side. There's not really a Russian mob so much as there is a mob that happens to be Russian. Russia has a long history of organized criminal gangs that go back to the...

Read more
Data Protection Is An Attitude Not An Afterthought
Shilpi Dey | 05 Nov 2012 | 0 comments

Shilpi Dey - Product Marketing Manager

In today’s economy, more than ever, losing customers can be detrimental to a business. One surefire way of losing a customer is to lose their trust. A data breach affects an organization in many ways, and loss of reputation is just one of them.

Most organizations identify data at risk from the most common starting point – the endpoint. These are the laptops, desktops and USB devices that house an organization’s most sensitive data. However, increasingly, organizations are realizing that simply securing endpoints is not sufficient to protect this data. There is always the human dimension to consider: bad people doing bad things, and good people doing bad things, often inadvertently. But, there's also the question of how data, or information, is used, managed and maintained. To successfully address this problem, organizations need to address data at risk holistically.  After all, data is...

Read more
Towards an Interoperable Future (and a good game of baseball) – Part I of III
Brian Tokuyoshi | 05 Nov 2012 | 0 comments

Brian Tokuyoshi - Product Marketing Manager

Most people agree that open standards are good for everyone. Standards help companies deploy products that work together with existing investments, thus reducing the impact and issues of technology displacement. They help developers build products by not having to reinvent the wheel, and build upon the work that has already been done. It establishes some common ground that bridges the gap between the interdependencies for related products.

Perhaps one of the challenges for standards is recognizing the need for one, and the unforeseen and currently unattainable future that provides the benefit for all. Standards do not emerge without a need in the market, which typically originates from the proliferation of one-off proprietary technologies. The creators of said proprietary technologies tend to not want to give ground to an open standard, because they profit by locking in customers to their interpretation of...

Read more
An Encryption Tool for Really Big Secrets
Brian Tokuyoshi | 05 Nov 2012 | 0 comments

Brian Tokuyoshi - Product Marketing Manager

Are you working on some big secrets that you need to keep safe? I am talking about REALLY BIG ones.  Where can you get a tool that will handle your needs?

When I say “big secrets” I am actually referring to physical size, not sensitivity of the data. That’s because that a very large (13 foot long, 6 feet wide) device for encryption is now available on eBa.

At the RSA 2009 Conference in San Francisco, Jamie Hyneman and Adam Savage from the MythBusters television show provided an entertaining closing keynote speech. On the TV show, the duo act as skeptics of urban myths, and use large scale science experiments to test whether common beliefs hold water. At the conference, they used this device as part of their opening act. ...

Read more
A Puzzle for New Cryptography Students
Brian Tokuyoshi | 05 Nov 2012 | 0 comments

Brian Tokuyoshi - Product Marketing Manager

When people new to cryptography first start to learn about public keys, they start with the basics, usually involving a person named Alice and a person named Bob. One maxim that they learn is that a message encrypted by one’s public key could only be decrypted with the corresponding private key. (I get a little tired of reading about analogies with Alice and Bob, so I’m going to use different names. Let’s go with Angelina and Brad). If Angelina wants to send Brad a private message, she uses a copy of his public key to encrypt the message. Brad, the recipient, uses his private key to access the message. That portion of public key cryptography is easily understood.

Now let’s take an example using encrypted email, which often has more than one recipient.  If Angelina sends an encrypted email to two people, and uses the public key for each person, shouldn’t there be two...

Read more
What PGP Means to Me
Brian Tokuyoshi | 05 Nov 2012 | 0 comments

Brian Tokuyoshi - Product Marketing Manager

I remember the first time that I heard about PGP software.  It was in the mid 90s, and I was working on email systems at the time, dealing with the vast number of proprietary email formats and building gateways to get the messages from one system to another. During this time, it became clear to me that the system for trust in email was fairly broken – it was trivial for anyone to impersonate another person, tampering and modifying the content was possible, and the administrators had full access to see everyone’s data. The whole system of trust for Internet email really depended on hoping that there weren’t bad guys looking to cause problems.

I started using PGP software more for personal than business reasons.  I was concerned about my privacy because I knew how much power system administrators had. So for the last 14 years or so, I’ve been using PGP to protect email and...

Read more