Protecting truckloads of data on the information superhighway

SSL Journal

Subscribe to SSL Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get SSL Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories

Encryption is widely recognized as the gold standard for protecting data privacy, but encryption is only as strong as its key management. Critical credential files such as Oracle wallet files, Java KeyStores, Secure Shell (SSH) key files, and Secure Sockets Layer (SSL) certificate files are often widely distributed across servers and server clusters that use error-prone synchronization and backup mechanisms. As organizations increasingly encrypt data at rest and on the network, securely managing all the encryption keys and credential files in the data center has become a major challenge. At the same time, organizations also need to comply with stringent regulatory requirements for managing keys and certificates. Many global regulations and industry standards call for audits demonstrating that keys are routinely rotated, properly destroyed, and accessed solely by auth... (more)

Configuring JMX in WebSphere 8.5

Like most application servers, WebSphere 8.5 has a rich management infrastructure based on JMX, or Java Management Extensions. In fact, the WebSphere administration console uses JMX to connect to the server to issue queries and perform administrative operations. In a previous post I showed you how to secure JBoss’ JMX connector. While there is a lot of information out there on how to connect to WebSphere via JMX, most of the examples involve either disabling SSL, or worse – disabling security globally. So let’s see how we can access WebSphere’s JMX connector remotely in a secur... (more)

Comodo Code Signing Certificate Supports Mozilla Standards

Comodo code-signing certificates enable developers to sign Mozilla extensions or "Add-ons" for a wide variety of different operating systems such as Microsoft Windows, Mac OS X and Linux. Mozilla applications recognize XPIs as "trusted" when they are signed with a Comodo Code-Signing certificate. XPI (pronounced "Zippy") is short for "Cross Platform Install." XPI enables Developers to create installer modules for their programs meant to enhance Mozilla applications such as Firefox, Thunderbird, Sea Monkey and Sunbird. Comodo Code-Signing certificates verify and authenticate the ent... (more)

Medical Practices Can Use Two-Factor Authentication

Jersey City, NJ, September 03, 2009 - Healthcare practices need expertise in information technology in order to comply with regulations such as the Red Flag Rule and HIPAA. Comodo now offers a free trial of a hardware-free solution that allows healthcare networks to comply with two-factor authentication requirements. Comodo's cost-effective and flexible two-factor authentication solutions eliminate the need for cumbersome physical tokens and expensive new hardware. Comodo's innovative approach allows practices to use one-time passwords, challenge questions, secure cookie technol... (more)

Jill Tummler Singer of the CIA Speaks on "Cloud Safety" : +1

I saw this tweet this morning and I thought "+1" (I guess I am a geek if I am thinking in Digg/Slashdot shorthand). The problem is that in Information Security, "security" is all-too-often used to mean only encryption. A line is considered "secure" if it's encrypted. But often, the real "security" requirements are much broader and include management (as in access management, identity management), business continuity defense against denial-of-service, and privacy. I think language is a big issue here. I've always found it interesting that in German, the words for "security" and "ce... (more)

Developers and End Users Benefit from Code-signing Certificates

Jersey City, NJ, November 18, 2009 - Buying or borrowing software on the Internet carries risks, both for the developer and for the person who plans to use it. End users who install malicious software in their computers may lose their purchase price. Worse, they may risk damaging their computers. Developers risk that someone may intercept their software file and alter it, adding deleterious code. Such alterations could damage their professional reputations. Developers who sell or exchange software can protect their code and their reputations by using code-signing certificates. C... (more)