Encryption is widely recognized as the gold standard for protecting data
privacy, but encryption is only as strong as its key management. Critical
credential files such as Oracle wallet files, Java KeyStores, Secure Shell
(SSH) key files, and Secure Sockets Layer (SSL) certificate files are often
widely distributed across servers and server clusters that use error-prone
synchronization and backup mechanisms. As organizations increasingly encrypt
data at rest and on the network, securely managing all the encryption keys
and credential files in the data center has become a major challenge.
At the same time, organizations also need to comply with stringent regulatory
requirements for managing keys and certificates. Many global regulations and
industry standards call for audits demonstrating that keys are routinely
rotated, properly destroyed, and accessed solely by auth... (more)
Like most application servers, WebSphere 8.5 has a rich management
infrastructure based on JMX, or Java Management Extensions. In fact, the
WebSphere administration console uses JMX to connect to the server to issue
queries and perform administrative operations. In a previous post I showed
you how to secure JBoss’ JMX connector. While there is a lot of information
out there on how to connect to WebSphere via JMX, most of the examples
involve either disabling SSL, or worse – disabling security globally. So
let’s see how we can access WebSphere’s JMX connector remotely in a
Comodo code-signing certificates enable developers to sign Mozilla extensions
or "Add-ons" for a wide variety of different operating systems such as
Microsoft Windows, Mac OS X and Linux. Mozilla applications recognize XPIs as
"trusted" when they are signed with a Comodo Code-Signing certificate.
XPI (pronounced "Zippy") is short for "Cross Platform Install." XPI enables
Developers to create installer modules for their programs meant to enhance
Mozilla applications such as Firefox, Thunderbird, Sea Monkey and Sunbird.
Comodo Code-Signing certificates verify and authenticate the ent... (more)
Jersey City, NJ, September 03, 2009 - Healthcare practices need expertise in
information technology in order to comply with regulations such as the Red
Flag Rule and HIPAA. Comodo now offers a free trial of a hardware-free
solution that allows healthcare networks to comply with two-factor
Comodo's cost-effective and flexible two-factor authentication solutions
eliminate the need for cumbersome physical tokens and expensive new hardware.
Comodo's innovative approach allows practices to use one-time passwords,
challenge questions, secure cookie technol... (more)
I saw this tweet this morning and I thought "+1" (I guess I am a geek if I am
thinking in Digg/Slashdot shorthand).
The problem is that in Information Security, "security" is all-too-often used
to mean only encryption. A line is considered "secure" if it's encrypted. But
often, the real "security" requirements are much broader and include
management (as in access management, identity management), business
continuity defense against denial-of-service, and privacy.
I think language is a big issue here. I've always found it interesting that
in German, the words for "security" and "ce... (more)
Jersey City, NJ, November 18, 2009 - Buying or borrowing software on the
Internet carries risks, both for the developer and for the person who plans
to use it. End users who install malicious software in their computers may
lose their purchase price. Worse, they may risk damaging their computers.
Developers risk that someone may intercept their software file and alter it,
adding deleterious code. Such alterations could damage their professional
Developers who sell or exchange software can protect their code and their
reputations by using code-signing certificates. C... (more)