Misuse of X.509 Certificates & Keys Involved in SolarWinds Attack

This article discusses the misuse of X.509 certificates and keys in the SolarWinds attack and how Cryptomathic CKMS and CSG could help protect against such attacks.

Read more

The SolarWinds attack and best practices for code-signing

Since the announcement of the SolarWinds supply chain attack, intensive analysis has been done by Crowdstrike, FireEye (with additional details), Microsoft, Symantec, SolarWinds, and many others, to understand the attack’s workings both within SolarWinds and in the targeted networks. Here we focus on the code signing procedures, which seemingly failed at SolarWinds but likely could have mitigated the risk of the attack if they had been implemented and enforced to a higher standard.

Read more

Crypto Service Gateway: Enabling Crypto-Agility with the CSG Policy Engine

The business world today is built on the pervasive use of cryptography, to authenticate people and processes, to secure communications, and to protect sensitive data.

Read more

The SHA-1 Attack Further Emphasizes the Need for Crypto-Agility 

The first practical chosen-prefix collision attack on SHA-1 was announced in January 2020 by researchers Gaëtan Leurent and Thomas Peyrin: “SHA-1 is a Shambles”.  

Read more

SHA-1 is Practical and Cost-Effective to Crack Now

This article discusses recent warnings that a chosen-prefix collision attack on SHA-1 is now practical and cost-effective for attackers.

Read more

How Tokenization May Reduce False Declines

This article discusses how tokenization may reduce false declines with credit card transactions that could negatively impact merchants.

Read more

Some of the Technologies Behind Tokenization for Card Transactions and PCI-DSS

The EMV consortium released several standards detailing how “network” tokenization should be handled. There is now a general consensus within the consortium that tokenization could be the next major task for EMV payments.

Read more

Tokenization in Banking and Financial Services

Tokenization is a generalized concept of a cryptographic hash. It means representing something by a symbol (‘token’).

Read more

The Challenges and advantages of EMV Tokenization

EMV is short for EUROPAY-VISA-MASTERCARD. This term is used to refer to standards that have been designed to improve the security of credit and debit card transactions by using chip technology for payment cards.

Read more