The POODLE attack, or “Padding Oracle On Downgraded Legacy Encryption”, is a fairly recent attack that takes advantage of both the backwards compatibility built into the SSL/TLS protocols and the way those protocols are negotiated. Its purpose is to force a downgrade from TLS 1.0/1.1/1.2 to SSL 3.0, which has an inherent flaw that allows an actor to decrypt a client-side cookie containing authentication data.

Steven Anderson

Steven Anderson is an Information Security Intern at True. He first became interested in computer science and information security while serving in the U.S. Marine Corps as a Computer Technician and later a Data Network Specialist. After earning an Associates in Science in Computer Science, Computer Engineering, and Physics from TCC, Steven is continuing his education at the University of Tulsa as a Computer Science undergraduate in his senior year, with goals to pursue a career as a Security Analyst.

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols that are designed to provide security for communications over a computer network. Theoretically, they establish a link through which to communicate securely. The protocols are only theoretically secure because the security is dependent on the following assumptions:

Steven Anderson


I often get into debates on the use of encryption and it being the panacea of data protection. While encryption has proven itself a viable solution for many years, the problem is never in the algorithm, but rather in the management of the keys. In order for encryption to occur, the system must have the key to encrypt and decrypt the data. This means that the key resides somewhere on a computer system accessible by the application. How well the organization is protecting the key and ensuring that the application is handling the key appropriately is the most significant question.

Jerald Dawkins

Dr. Jerald Dawkins is the CEO and Founder of TRUE and has extensive experience in regulatory compliance, technical risk assessments, penetration testing, web application vulnerability analysis and secure coding. Dr. Dawkins is the author of numerous publications and presents at national and international conferences. He holds the following certifications: CISSP, NSA IAM, and CNSS 4011-4015.

Voice Over IP Security

September 18th, 2009 | Posted by Nathaniel James in Encryption | Security

According to NIST, with the proliferation of VOIP, the demands for security are significantly compounded. Now, network administrators must protect two invaluable assets – our data and our conversations. Federal agencies are required by law to protect a great deal of information, even if it is unclassified. The current Internet architecture does not provide the same physical wire security as the phone lines. What’s the solution? Encryption! Encryption! Encryption!

Encrypting VOIP traffic and running it over a virtual private network provides excellent security when dealing with external communications. Architecture decisions, like locating IP telephones behind NATs and firewalls, are also important.

We can all breathe a collective sigh of relief – terrorists now have the ability to communicate securely [reuters.com]. I was really starting to be concerned for their privacy…

Dominic Schulte

Dominic Schulte currently serves as the Managing Director of Security Services & Consulting at TRUE, where he is responsible for the execution of a wide range of security and regulatory compliance services. Previously, Dominic worked with the National Security Agency (NSA) as a Global Network Exploitation and Vulnerability Analyst in the National Security Incident and Response Center (NSIRC). He holds CISSP, QSA and CNSS 4011-4015 certifications.
