http://www.eldos.com/blog/Security_News/ http://www.eldos.com/blog/Security_News/ The blog collects information about security events worldwide. en http://backend.userland.com/rss2 Fri, 16 May 2008 23:42:53 -0500 Blogspot service. New posts will appear there. ]]> http://www.eldos.com/blog/Security_News/51.php http://www.eldos.com/blog/Security_News/51.php Wed, 27 Feb 2008 04:05:49 -0600 Security news Authentication And Online Trust Alliance has published a report that reviews current situation of e-mail authentication among large companies and ogranizations. The report says that more than a half of all e-mail is authenticated. What does this mean?

Authentication of the sender is an important step in fight against unauthorized e-mail. Now, when so much e-mail is authenticated, it's vital that the verification takes place on all stages of e-mail processing, and that e-mail is handled properly (this includes acceptance of the valid authenticated e-mail and lowering the weight of other factors when e-mail is authenticated right).

The most widespread authentication mechanisms are Sender ID (formerly SPF) and DKIM (formerly DomainKeys).

MIMEBlackbox package of SecureBlackbox includes both signing and verification of DKIM-signed e-mails.

The report itself can be found here.

You will find lots of useful information, related to authentication schemes, their supporters etc. in this report. ]]> http://www.eldos.com/blog/Security_News/50.php http://www.eldos.com/blog/Security_News/50.php Sat, 02 Feb 2008 10:33:09 -0600 Security news the good article "for dummies" why obscurity is not always bad.

]]> http://www.eldos.com/blog/Security_News/49.php http://www.eldos.com/blog/Security_News/49.php Fri, 18 Jan 2008 01:23:30 -0600 Security news
The only thing I wish this card could do is optionally give away the fingerprint, working as a fingerprint scanner. This particular card doens't do this, but I believe we'll see such cards soon.

Read the description of the card.

]]> http://www.eldos.com/blog/Security_News/48.php http://www.eldos.com/blog/Security_News/48.php Thu, 06 Dec 2007 06:31:15 -0600 Security news
It's a common task when you need to know more about some person. Google seems to be the obvious approach. But is it the best one? There are numerous less known ways and the site (below) seems to offer the whole section about this topic.

The article I came across is here ]]> http://www.eldos.com/blog/Security_News/47.php http://www.eldos.com/blog/Security_News/47.php Tue, 04 Dec 2007 02:39:07 -0600 Security news
First of all, it's a code that was carefully checked for possible weak places and security vulnerabilities. While there were not much security fixes, some places in the code could affect the performance of the system, if they dealt with specialy prepared data. Obviously, I can't tell much until SBB 6 is released.

Another important addition is introduction of Elliptic Curve Cryptography (ECC or EC cryptography) mathematics and algorithms. As written in one of the previous blog posts, EC cryptography promises better speed on much shorter keys. It is considered to be the algorithm set of choice in the next 15-20 years. SecureBlackbox is one of the first security toolsets to provide EC crypto support.

One more thing is various improvements in SSH and SFTP protocols. SSH components are one of the most used components in SecureBlackbox. And it's not a surprise, as demand for secure remote access and secure file exchange grows. SecureBlackbox with it's SFTPBlackbox package is the leading component collection for SFTP support, with unbeated combination of numerous features and low price.

Finally, we have plans to re-write the source code of ActiveX edition, in order to remove the mess with secondary interfaces in various controls. In SecureBlackbox 5 and before each control implemented a number of interfaces (such as IElSftpClientX, IElSftpClientX2, IElSftpClientX3 etc.). In SecureBlackbox 6 there will be new interfaces and new controls. This will let the users easily call various functions from scripting environments and will reduce the number of lines of code, needed to use the components. Of course, for compatibility with existing applications and user code the old interfaces will be available too.

See our News section for upcoming news about SecureBlackbox 6. ]]> http://www.eldos.com/blog/Security_News/46.php http://www.eldos.com/blog/Security_News/46.php Sun, 02 Dec 2007 12:54:28 -0600 Security news
Read the article ]]> http://www.eldos.com/blog/Security_News/45.php http://www.eldos.com/blog/Security_News/45.php Sun, 02 Dec 2007 12:42:08 -0600 Security news To my understanding, most of such schemes were introduced without serious scientific analysis of their strength.

Recently the new approach has been announced. You will find a very interesting, detailed and scientific-looking description of the scheme inthis paper (PDF document). ]]> http://www.eldos.com/blog/Security_News/44.php http://www.eldos.com/blog/Security_News/44.php Mon, 05 Nov 2007 12:01:55 -0600 Security news
But recently I came across the small article which describes the differences between several similar yet different terms and technologies.

Read the article. ]]> http://www.eldos.com/blog/Security_News/43.php http://www.eldos.com/blog/Security_News/43.php Sun, 14 Oct 2007 06:48:07 -0500 Security news
DRM is often confused with encryption and vice versa. It is important to understand, that encrypting the data doesn't necessarily give you protection for your data. The one who can decrypt it (legitimately) becomes the possessor of the information and copy and distribute it (no matter if he has the rights to do this). Encryption can't prevent distribution. But DRM can. Can it?

Here's the article that gives you the basic understanding of what DRM does. ]]> http://www.eldos.com/blog/Security_News/39.php http://www.eldos.com/blog/Security_News/39.php Sun, 14 Oct 2007 02:47:13 -0500 Security news