Special Interest Groups to develop standards that increase interoperability between security and incident response teams.
Source: Standards
A cryptographic key is just a random string consisting of hundreds or thousands of ones and zeroes (i.e., binary digits, or “bits”).
Symmetric key encryption algorithms use a single symmetric key for both encryption and decryption, whereas asymmetric key encryption algorithms (aka public key algorithms) use two different but related keys for encryption and decryption.
Cryptographic keys may be either static (designed for long-term usage) or ephemeral (designed to be used only for a single session or transaction). The crypto-period (i.e., lifetime) of static keys may vary from days to weeks, months, or even years depending on what they are used for.
The length of a key must align with the algorithm that will use it. Symmetric keys may be shorter than asymmetric keys.
Key length should be chosen based on a number of factors, such as:
- The algorithm being used
- The strength of security required
- The amount of data being processed with the key
- The crypto-period of the key
Common functions for cryptographic keys
KMS are used to ensure keys are
Source: Classification of Cryptographic Keys
Two new vulnerabilities were detected. One, due to conversion errors in the file system, allows access to the kernel address space (CVE-2021-33909).
Another vulnerability (CVE-2021-33910) is in systemd and can be exploited to carry out a DoS attack and cause a kernel panic.
Source: Root kernel vulnerability threatens many Linux distributions – Market Research Telecast
It’s a good time to work in the security field. Nemertes has completed its research benchmark for the first half of 2009, incorporating interviews with IT and security executives during a recession. The research participants told us that they consider security and compliance spending to be “recession proof”, third only to data network and voice/telecom spending.
If you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character, Charlie Miller would suggest you turn the device off. Quickly.
A hacker has reportedly obtained and distributed more than 300 confidential documents pertaining to Twitter’s business affairs. The documents were reportedly stored on Google Apps.
The hacker apparently accessed documents with potentially sensitive information about Twitter employees, company finances, partner agreements, and other topics, and forwarded the documents to media outlets such as TechCrunch, which reported on the data breach Tuesday.