Guillaume Forget

Guillaume Forget is Managing Director at Cryptomathic GmbH, where he leads the German subsidiary operations. Guillaume is also responsible for ensuring Cryptomathic's unique technology, IP portfolio and innovation capacity can meet the market's desire for a high level of security assurance. Guillaume has wide industry knowledge and is an evangelist in the eSignature and What You See Is What You Sign space, where he has co-authored several papers and patents. To date, Guillaume has successfully co-ordinated numerous key Cryptomathic projects, including large-scale central signing deployments across Europe.

Regain control of cryptographic keys in large organisations with centralised key management

This article describes, from a CISO perspective, how to manage and protect security assets in large organisations, i.e. the cryptographic keys, and suggests adequate procedures and systems.

2/3 of organizations with public facing vulnerable to hacker attacks

The Heartbleed security vulnerability, publicised in March 2014, received an abundance of media attention as it exposed over 1 million web servers worldwide relying on OpenSSL version 1.0.1. The bug was corrected shortly after the leak with the release of OpenSSL v1.0.1g on April 7th 2014. However, estimates suggest that around 2/3 of organisations with public-facing systems are still vulnerable to the attack.


How to protect mobile banking and payment apps from malicious app attacks

We are constantly reminded by news stories how complex it can be to secure mobile banking and payments apps. A recent study has found that 11% of Android banking apps are suspicious, which is enough to frighten many banking app service


Secure Mobile Transactions – Fact or Fiction? Part 2 of 2

...continued from Part 1

The threat model

Malicious mobile device hackers have a variety of goals. Foremost is monetary gain, but retribution, anarchy, curiosity and perceived public good can all be part of the motivation. The attackers can be grouped by resource levels and goals, as illustrated in table 1.

Table 1: An example of how mobile security attackers can be categorised by resources and goals.

Understanding the motivation of a hacker highlights that a good mobile security strategy must defend not only against specific mobile threats, but also against more generic threats such as reputational or ethical attacks.


Secure Mobile Transactions – Fact or Fiction? Part 1 of 2

With mobile devices being used for more credentialing based activities, the question of mobile security is becoming increasingly important. The mobile security landscape, however, is still immature, so how can service providers successfully deliver secure mobile services today?


Where 2FA and PKI Meet

Under pressure from sophisticated attacks and rising fraud, many B2C organisations in the financial industry are currently upgrading the static password-based authentication of their web applications to something stronger: the 2FA age. 2-Factor Authentication (2FA) is currently achieving large-scale deployments and consumer adoption where PKI failed a few years ago.

From a technical standpoint, PKI offers significant benefits including the possibility to sign tran
