In light of new PCI-DSS requirements stating that SSLv3 no longer meets the specification for “strong cryptography” prescribed by PCI standards, we wanted to give you a brief history of how the industry got here and why SSLv3 is no longer considered secure.
After a string of high-profile account compromises that included the Associated Press and Burger King, Twitter has added an additional (but optional) layer of authentication to help protect users from being the next big-name account that's compromised.
If you're a fan of delicious restaurants, awesome concert venues, Big 10 sports, or just a bike-friendly city, then you should probably be working with us in beautiful downtown Ann Arbor, Michigan. The team at NetWorks Group works at the corner of Main and Huron, a central-point to blocks of great places to shop, eat, and relax at. Located a short distance from the University of Michigan, NetWorks Group benefits from the feeling of both a college-town and an active business hub for southeastern Michigan. For a vibrant mixture of cultures, architecture, and activities, Ann Arbor is hard to beat!
Topics: Ethical Hacking, Information Security, Managed Detection & Response, Penetration Testing, Security Monitoring, Threat Management, Threat Hunting, Device Management, Compliance, Security Architecture Review, Incident Response, Vulnerability Management
Welcome to the new NetWorksGroup.com! Over our last 15+ years, the environment around IT infrastructure — especially security — has evolved to an extent that to keep up with best practices and compliance standards most organizations require an on-staff security team, and we're here to be that team.
The Certificate Authority (CA) system that currently handles how we publicly interact 'securely' with web sites, mail servers, and other services around the world can't catch a break. In the latest black-eye, an Entrust bulletin speaks about how a Malaysian CA called Digicert Malaysia recently issued 22 certificates with glaring CPS violations including the usage of 512-bit RSA keys. At this time, there's no suggestion of fraud or criminal activity being involved, but it's certainly confusing why this would have happened without it.
If you weren't paying attention during the early Summer months this year, you may have missed the overwhelming rate at which web sites were being publicly compromised and mocked. Often, these sites were prone to compromise due to SQL injection and other common web site vulnerability avenues. Even Barracuda Networks was compromised when apparently they took down their own security product for maintenance and were taken advantage of.