remote login_154778546

Getting it Right with VDI and BYOD: A Security Driven Approach

Virtual Desktop Infrastructure, or VDI, is a technology that presents desktops or individually entitled applications from a central management server to remote users’ browser-enabled devices over the internet. Think of it as client-server for the new digital age with the chief advantage being that – in these times of the oft painful breach – all…

Read More

Passwords don’t work!

I was at a security conference last week and the keynote speaker was addressing the concerns we all share about the security climate…we are losing ground. In his conversation he mentioned that two-factor authentication is a minimum baseline security measure that got a lot of nods in the crowd but completely forgot that statement when he…

Read More

RSA SecurID Customers Take Note: RSA Via Access is for You, Too!

Today, RSA announced a milestone – the upcoming 2015 release of RSA Via that includes RSA Via Access  – a new hosted cloud-based authentication service for single sign-on to SaaS and on-premise web applications. This news not only is exciting, it’s game-changing. And it demonstrates that RSA is meeting customer needs for a unified approach to…

Read More

Still Not Cracked: a further dive into the PKCS #1 v1.5 vulnerability

Contrary to some comments we have seen, RSA is not “walking around” the Project Team Prosecco research as is asserted in a recent Root Labs blog; in fact we have repeatedly stated to bloggers and the press that we support this specific research (as I did here, yesterday) as well as other cryptanalysis. Our problem is with the reporting on the research and its relationship to RSA. Much of this reporting is misleading and inaccurate, leading to unwarranted fear among customers. Reports have been published that claim the cracking of RSA SecurID 800 devices, stealing of private keys and possible cloning of smart cards; all of which of course are not true. In addition, other reports link this attack against smartcards to the RSA SecurID One Time Passcode technology, which is strictly false.

Read More