Your browser identified itself as a version of IE that was often shipped with default settings that were less than secure. Your internet experience could be made more secure by opening Internet Options in your browser, going to the Advanced tab and looking under the security settings for "Use TLS 1.1" and "Use TLS 1.2". Ensure these are turned on (checked). Doing so will enable your browser to support a higher quality of encryption on this and other websites. You will still be able to browse this site without turning on support for TLS 1.1 and 1.2, but we will have to use a lower level of encryption to accomodate you. See this question on Stack Exchange's Superuser forum from 2011 for more details keeping in mind the comments about TLS 1.2 non-support were made many years ago, and things have changed since then.

If the support for better cryptography has been turned on for your browser, thank you, and you can safely ignore this advisory.

Browser Security Alert

Blog


It's easy to say that our society needs better cybersecurity. The daily barrage of cyber attacks against companies, government agencies, and individuals has made that that clear enough.

The hard part is finding a path forward— developing a strategy that involves the right stakeholders, addresses the right threats, and strikes the right balance between privacy and security. It seems that for every step we take toward better security, we take a step back as politicians, law enforcement officials, and corporate leaders continue to pursue conflicting agendas.

Read more ...

What happens when someone sees a USB drive lying on the sidewalk? About half of the time, as multiple experiments have demonstrated, the person will pick up the drive, take it home, and plug it into his or her computer.

What happens next depends on what’s on the drive. If it contains identifying information, the finder might return it to its rightful owner. If it contains malware, it might kick off a widespread cybersecurity crisis. If it contains a few gigabytes of classified airport security information, including patrol timetables and maps of the security facilities used by foreign dignitaries, it becomes one of the most embarrassing security breaches of the year.

Read more ...

Two months after it first disclosed the theft of 145 million consumers' personal information, Equifax is still finding ways to make the story worse.

In the latest round of congressional hearings, Richard Smith, Equifax's former CEO, confirmed that the lack of encryption on the stolen data was not caused by an error or oversight, but by a conscious decision not to encrypt. That decision seems questionable, to say the least, given that the people whose data Equifax lost had essentially no say in whether their information was part of the database to begin with.

As perplexing as Richard Smith's testimony may have been, it was the company's new interim CEO, Paulino do Rego Barros Jr., who provided the day's most difficult-to-believe sound bite.

Read more ...

The world got a glimpse of the future in December 2015, when hackers—presumably Russian—shut down a Ukrainian power station, leaving hundreds of thousands of people without electricity.

Although numerous reports had documented the vulnerability of power grids to cyber threats, the Ukraine breach was the first large-scale demonstration of the havoc a hostile organization can create with an attack on public infrastructure. In this case, power was restored after a few hours with relatively little lasting damage. The next time, things may be much worse.

Read more ...

We’ve seen it in countless horror movies. The good guys, on the run from a homicidal maniac, barricade themselves inside a house. They booby-trap the yard, seal off the doors, and board up the windows, only to discover that the killer is already INSIDE THE HOUSE.

As familiar as the plotline might be in slasher films, it’s even more common in the world of cybersecurity. Organizations spend millions on firewalls, intrusion detection systems, and other perimeter defenses, only to find that their sensitive data is being compromised by their own employees and business partners.

Read more ...

Consider a typical AES encryption key: 256 binary digits, arranged into one of an unthinkably large number of possible combinations. You feel safe using that key, because you know that it would take every computer in the world, working nonstop for longer than the age of the universe, to produce that exact same combination of digits. Assuming you keep it protected, the only people who will ever know the key are the ones who are supposed to have it.

But have you ever stopped to wonder where exactly that combination of digits came from? The people trying to steal your data may be wondering the same thing.

Read more ...

Six months ago, the New York State Department of Financial Services formally adopted a set of cybersecurity requirements for banks, insurance companies, and other financial services companies that operate in New York. These requirements, commonly known as NYCRR 500, represent the first real cybersecurity law in the United States. After an initial 180-day transition period, several of the law's provisions are now in effect.

Read more ...

Even when you know you’re doing things right, it’s nice to get external validation, especially when it comes from experts in the field. That’s why we’re thrilled to report that PKWARE is listed three separate times in the latest Gartner Hype Cycle Reports for Threat-Facing Technologies.

The Gartner report, which focuses on technologies that protect enterprise IT infrastructure against advanced cybersecurity threats, lists PKWARE by name in three categories: format-preserving encryption, enterprise key management, and database encryption.

Read more ...