Welcome to Delicate template
Just another WordPress site

Logjam Vulnerability

May 21st, 2015 | Posted by Steven Anderson in Monitoring | Security | SIEM - (0 Comments)

The TLS protocol is the current standard for secure communication over the Internet and until now had been considered to be highly secure. A recent discovery of Logjam, a vulnerability that spawns results similar to that of FREAK (Factoring Attack on RSA-EXPORT Keys) affects 8.4% of the top one million web domains. Like FREAK, Logjam downgrades encrypted connections to a weak 512-bit encryption using the “export-grade” option. Once downgraded, the encryption key can be factored in less than twelve hours using Amazon EC2, and it will only cost the attacker about $100. This vulnerability impacts SMTP, StartTLS, secure POP3, IMAP, and of course SSL and TLS.
Read more

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols that are designed to provide security for communications over a computer network. Theoretically, they establish a link through which to communicate securely. The protocols are only theoretically secure because the security is dependent on the following assumptions: Read more

On October 1, 2015 Visa, MasterCard, Amex, and Discover will be instituting a liability shift for fraudulent transactions. If either the merchant or the issuer (the customer’s bank who issued the credit/debit card) are not EMV-compliant and the other is EMV-compliant, then the party with the lesser technology will bear the liability for card-present transactions that are found to be fraudulent. In other words, the party that has made investment in EMV deployment will be protected from financial liability for card-present counterfeit fraud losses. If neither or both parties are EMV-compliant, the fraud liability remains the same as it is today.Read more

Michael Oglesby, True’s Managing Director of Delivery Operations and Principal Security Consultant, was once again the second place finisher in solving the coveted 2015 Verizon Data Breach Investigation Report (DBIR) Cover Challenge (finishing second to a two-man team)! Read more

Martin McCurdy, True’s newest Security Analyst (and former intern), was recently announced as being selected to the All Oklahoma/All USA Academic Team and recognized during a ceremony at the State Capital in Oklahoma City. Read more