In the blog S/MIME on Trial in 2013, I outlined some challenges using S/MIME to send secure email.
I also posed the question, was I confident the issues would be solved in a 3-5 year timeframe?
Well, here we are 3 years later, let’s take a look. Continue reading
In the address bar of THIS blog, you should see a little padlock… Continue reading
To see if a web site is secure, we have been trained to look for the padlock in the browser. Sadly, not all padlocks are the same… Continue reading
As we rapidly advance to the new world of the Internet of Things, security is slowly but surely starting to be talked about. Managing keys is an important part of this discussion.
Earlier in my career I had the privilege of working for Intercede, a company supplying smart card management systems. A core capability was the ability to manage the card lifecycle and credential lifecycle (e.g., PKI certificate), as distinct from other systems that manage credentials and placed them on cards without managing the card lifecycle. A part of the sales pitch was if you don’t manage the card lifecycle in the system, you will end up with a spreadsheet to manage the cards.
It has been shown that Heartbleed can be used to leak SSL private keys (if the attackers are lucky). So now many experts are recommending that you revoke and re-issue SSL certificates for your web server. Can the certificate revocation mechanism cope?
Each day we become more reliant on the Internet in both our personal and business lives, yet each day there are new stories of security failures. A key part of living and working on the Internet is the ability to be able to communicate securely; whether inter-personal communication, such as email or chat, or client / server communication to access a web site.
This blog looks at how and why secure communications fail, and what we can do about it.
For the last 3 months I have, by default, digitally signed my email. Well that was the plan…
In the article “why has encrypted email not taken off” I looked at some of the barriers to the widespread adoption of secure email. Certificate revocation was one factor discussed.
Whenever I visit a web site these days I get asked about cookies.
A quick survey around a family dinner table at Christmas revealed only 2 out of 10 people knew what the question was really asking (and we both work in the industry).