NEWS: Attack Renders Popular Encryption Hardware Vulnerable. Popular chips used to encrypt smart cards and other hardware have security flaws rendering the encryption easy to crack. The software library for the latest-generation Infineon brand chips has a problem in its implementation of the RSA encryption standard, first discovered by researchers at the Centre for Research on Cryptography and Security. Companies including Google, Microsoft, Fujitsu, HP and Lenovo use the chips. Read more
DOJ: ‘Responsible Encryption’ is the New ‘Going Dark’. The DOJ calls for ‘responsible encryption’ to comply with court orders. Plus, there’s more bad cybersecurity news for banks, and Accenture data in AWS gets exposed. Read the rest
FYI: Serious Flaw in WPA2 Protocol Lets Attackers Intercept Passwords and Much More. Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting. The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that was scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek Linksys, and other types of devices. The site warned that attackers can exploit the flaw to decrypt a wealth of sensitive data that’s normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol. Find out more
HOMELAND SECURITY: Orders Federal Agencies to Start Encrypting Sites, Emails. Three-quarters of the federal government uses encryption. Homeland Security says that isn’t enough. Find out more
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems September 2017 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-september-2017.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.