The SolarWinds attack and best practices for code-signing

Since the announcement of the SolarWinds supply chain attack, intensive analysis has been done by CrowdStrike, FireEye (with additional details), Microsoft, Symantec, SolarWinds, and many others, to understand the attack’s workings both within SolarWinds and in the targeted networks. Here we focus on the code signing procedures, which seemingly failed at SolarWinds but likely could have mitigated the risk of the attack if they had been implemented and enforced to a higher standard.

Turning Cryptography into a Service - Part 2

Part 2 – Accelerating Time-to-Market

With the increase in e-commerce and electronic communications on the one hand, and the growing challenges of cybercrime and data protection regulation on the other, cryptography is becoming an increasingly important business enabler.

Crypto Service Gateway: Enabling Crypto-Agility with the CSG Policy Engine

The business world today is built on the pervasive use of cryptography, to authenticate people and processes, to secure communications, and to protect sensitive data.

Achieving Agile Cryptography Management with Crypto Service Gateway (CSG)

Cryptomathic's Crypto Service Gateway (CSG) helps you realize business-agile and efficient crypto services, with central control of security policy and crypto hardware. In this article, we will look at some of the use cases that address common cryptography headaches whilst generating a strong return on investment.

Achieving Software Integrity Through Centralized Code Signing

The phrase “…Software is eating the world.” was famously used by Marc Andreessen in a WSJ article in 2011. It is now 2020, and one could argue that software has successfully eaten the world.

The SHA-1 Attack Further Emphasizes the Need for Crypto-Agility 

The first practical chosen-prefix collision attack on SHA-1 was announced in January 2020 by researchers Gaëtan Leurent and Thomas Peyrin: “SHA-1 is a Shambles”.  

SHA-1 is Practical and Cost-Effective to Crack Now

This article discusses recent warnings that a chosen-prefix collision attack on SHA-1 is now practical and cost-effective for attackers.

How Tokenization May Reduce False Declines

This article discusses how tokenization may reduce false declines with credit card transactions that could negatively impact merchants.

Technologies Behind Tokenization For Card Payments And PCI-DSS

The EMV consortium released several standards detailing how “network” tokenization should be handled. There is now a general consensus within the consortium that tokenization could be the next major task for EMV payments.