Identity and Data Protection Beat

The RSA Identity and Data Protection (IDP) beat blog will provide readers with the latest insight into emerging trends around authentication, identity verification, access management, encryption, data protection, passwords, transaction security, and enterprise and consumer portal security. We will share unique perspectives on what we see in the market and hear from our customers. The blog will also give readers the opportunity to join in the conversation with security experts, product gurus, and thought leaders from the RSA IDP team.

The ATM: Convenience for Consumers….and Fraudsters?

ATMs enable us to get our cash on demand, for those of us who still use cash, and have come a long way since the first machines in the 1960s, which dispensed a set amount of funds and sent back the bank card at a later date.

Convenient to consumers, yes – but to fraudsters, ATMs are seen as a way to get their hands on currency that isn’t theirs and, unlike an online transaction, can be harder to trace. As a cash-out point for many scams, fraudulent crimes and cyber-attacks, the ATM has seen its fair share of unfriendly withdrawals.

Safeguarding Patient Information During Crisis

In light of the recent events, I’ve reflected on how valuable electronic health records (EHR) and health information exchange (HIE) participation can be in a time of crisis to immediately access critical life-saving data on impacted victims. EHRs not only allow for first responders to quickly access victims’ healthcare information, but also allow for more accurate ambulatory, ER and clinical decision making in life or death situations.

The Biggest Online Attack in the History of the Internet??

…And they did it, they managed to slow down the internet. Next thing you know, they will break it! I am referring to what’s been called “the largest publicly announced online attack in the history of the Internet.” And this week we read about the suspect: a 35-year-old guy from the Netherlands who was arrested in Spain (The Netherlands Public Prosecutor Service press release in Dutch).

On Preserving Formats

With RSA’s Data Protection Manager 3.5 (now available), we are releasing into our core product a mechanism in cryptography that has been gaining steam in recent years: format-preserving encryption (FPE). While we have been implementing FPE for years with our Professional Services teams, we felt it was now time to formally add this to [...]

Cybercriminals & Big Data Analytics

Big Data is the buzzword making headlines today. From improving medical diagnosis and treatment to energy conservation, businesses around the world are using Big Data analytics to transform the data they store into actionable information. Even here at RSA/EMC, we are working to leverage Big Data analytics to improve the way our customers detect and respond to threats. You can be sure that if legitimate businesses are using the latest and greatest technology, cybercriminals are too!

Secure Crypto: “Lucky Thirteen” Attack

Once again an attack against TLS has been published and again the attack targets cipher suites that use Cipher Block Chaining (CBC) mode encryption. This Man-in-the-Middle attack is easier to perpetrate than the previous Man-in-the-Browser attacks like “BEAST” and “CRIME,” but results in many failed TLS connections and requires statistical analysis of packet response times, which makes this plaintext recovery attack less practical. This article will discuss the Lucky Thirteen attacks as applied to TLS and DTLS, the practicalities of the attack, and how to mitigate the attack.

What else is happening in infosec and fraud these days?

I have mostly written about mobile apps; specifically on apps becoming an integral part of our daily lives. This is a fact that can be proven by the increase in the number of apps available and downloaded via public app stores. So what else is happening in the information security world? We are bombarded with news articles each day. The key is to identify the combined impacts of these seemingly disparate trends, or news, and see the big picture and maybe even predict the future.

3DS Jumps on the Risk-based Band Wagon and RSA says “Thank You”

I’m glad to see the 3DS (3D Secure) industry is finally catching up with RSA’s risk-based strategy to address the consumer need for ease and convenience, while helping to protect customer PII as they shop on-line. Because when it boils down to what cardholders want and what card issuers need, if it doesn’t work, neither side will be willing to use it!

Damned If You Do, Damned If You Don’t

Last year, I received an e-mail from one of the social networking sites I frequent, in the wake of a bulk password theft, asking me to change my password. I went ahead and did so, but I’m sure that many others did not. And some that did change their passwords may not have done so immediately. If, as an organization, you are concerned that attackers may use the credentials they have stolen to access user accounts, then time is of the essence. So you’d want to reset all passwords now.

Risk-Based Authentication: What’s Context Got to Do With It?

Contributed by Lauren Horaist, Senior Product Marketing Manager, RSA Identity and Data Protection Group

I sometimes find myself making strange comparisons between real life and work life. One of those stream-of-consciousness moments happened a few weeks ago while I was driving home in a snowstorm. I was minding my business driving along my normal route, [...]