Google Online Security Blog: Project Wycheproof. Posted by Daniel Bleichenbacher, Security Engineer and Thai Duong, Security Engineer. We’re excited to announce the release of Project Wycheproof, a set of security tests that check cryptographic software libraries for known weaknesses.
We’ve developed over 80 test cases which have uncovered more than 40 security bugs (some tests or bugs are not open sourced today, as they are being fixed by vendors). For example, we found that we could recover the private key of widely-used DSA and ECDHC implementations. We also provide ready-to-use tools to check Java Cryptography Architecture providers such as Bouncy Castle and the default providers in OpenJDK. The main motivation for the project is to have an achievable goal.

FortiGuard Services Application Control. Improve security and meet compliance with easy enforcement of your acceptable use policy through unmatched, real-time visibility into the applications your users are running.
With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications. Application Control is available as part of the NGFW service through the FortiGate next generation firewall and is a part of why Fortinet tied for the highest overall security effectiveness at 99.97% in the 2016 NGFW security tests from NSS Labs.
Conventional firewalls that only identify ports, protocols, and IP addresses can’t identify and control applications, but a next generation firewall can. FortiGate next gen firewalls with FortiOS and centralized management solutions offer extensive visibility into application usage in real time, as well as trends over time through views, visualizations, and reports. The FortiGuard Application Control Service:

Secure Trading hires reformed hacktivist to consult on blockchain p... Secure Trading, the payments and cyber security group, has today announced the appointment of reformed hacktivist and renowned cyber security expert, Mustafa Al Bassam.

SQLCipher - Zetetic. SQLCipher has a small footprint and great performance so it’s ideal for protecting embedded application databases and is well suited for mobile development.
Blazing fast performance with as little as 5-15% overhead for encryption. 100% of data in the database file is encrypted. Uses good security practices (CBC mode, key derivation). Zero-configuration and application level cryptography. Algorithms provided by the peer reviewed OpenSSL crypto library.

Cyber-security Information Sharing Partnership (CiSP) - NCSC Site. Becoming a member of CiSP requires a two-step process: 1. Your organisation needs to join CiSP. Register your organisation.

Cyber Essentials - OFFICIAL SITE. The Cyber Essentials scheme provides businesses small and large with clarity on good basic cyber security practice.
By focusing on basic cyber hygiene, your company will be better protected from the most common cyber threats. Cyber Essentials is for all organisations, of all sizes, and in all sectors - we encourage all to adopt the requirements as appropriate to their business. This is not limited to companies in the private sector, but is also applicable to universities, charities, and public sector organisations. Cyber Essentials is mandatory for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain ICT products and services. The Cyber Essentials scheme has been developed as part of the UK’s National Cyber Security Programme and in close consultation with industry.

VocaLink Connect - VocaLink triumphs at the Cyber Security Awards. VocaLink's campaign, which was launched to raise employee awareness of the various forms of cyber threats that the company is exposed to on a daily basis, was celebrated for its pioneering approach to cyber security.
VocaLink was shortlisted alongside a number of companies, before winning the coveted award, in a highly competitive category.

IBM Watson Brings AI Wonders to Cybersecurity. After dominating its human competitors on the television gameshow Jeopardy!, IBM’s artificial intelligence platform Watson began dabbling with healthcare, pharmaceuticals, finance, education—even cooking. Now the machine is dipping its (robot) toes into the cybersecurity business.

Dropbox hack 'affected 68 million users'. A Dropbox security breach in 2012 has affected more than 68 million account holders, according to security experts.
Last week, Dropbox reset all passwords that had remained unchanged since mid-2012 "as a preventive measure". In 2012, Dropbox had said hacks on "other websites" had affected customers who used their Dropbox password on other sites too. But now what purports to be the details of 68.6 million Dropbox accounts have emerged on hacker trading sites. The 5GB document has been acquired by a Motherboard reporter, who also said it had been verified as genuine by a "senior Dropbox employee" speaking on the condition of anonymity.
The data includes email addresses and hashed passwords. But security researcher Troy Hunt, who has also seen the document, said the hashing algorithm that obscured the passwords was "very resilient to cracking". Mr Hunt said he had managed to independently verify the hack by finding the password of his wife within the cache.

Secure Content Delivery, DDOS and WAF Service.

Online rental fraud rising steeply. Rental fraud is rising sharply, the BBC has learned during an investigation in which it confronted two online fraudsters for their crimes.
Scam artists offer cheap flats for rental, demanding instant deposits. But they do not actually own the homes - and would-be tenants' cash is lost. Reports of rental fraud in England and Wales leapt from 2,216 in 2014 to 3,193 in 2015. BBC researchers posed as tenants to expose tricks used by fake landlords. One advert fraudsters attempted to place on the flat-sharing website EasyRoomMate offered a plush Kensington apartment for just £700 per month, far below the market rate.

Second bank cyber-attack detected by Swift after Bangladesh raid. A cyber-attack, similar to one that saw $81m (£56m) stolen from Bangladesh's central bank, has hit a second bank. The warning about the second attack came from Swift, which oversees the financial messaging network that underpins global money transfers.
Swift said the target was a commercial bank but did not name the organisation or reveal if any cash had been taken. The attack used techniques and tools resembling those used to steal cash from Bangladesh in February, it said. Swift is used by about 11,000 financial institutions around the world to move large amounts of cash.

Security snapshot reveals massive personal data loss. More than 500 million digital identities were stolen or exposed in 2015, suggests a report from security firm Symantec. In addition, it said, fake technical support scams rose by 200% and crypto-based ransomware attacks grew by 35%. Hackers also made more use of unknown software bugs to make sure attacks work, said the annual threat report. It said the gangs behind the attacks had become more professional and now resembled legitimate software firms.