RSA, the security division of EMC (NYSE:EMC), has announced major updates to its Adaptive Authentication, which are aimed at striking a more effective balance against advanced threats while at the same time preserving ease-of-use.
New malware such as Zeus, Citadel and the recently discovered Gozi Prinimalka Trojan, have continued to change the landscape of IT security by posing a higher level of threat that is typically mitigated by more complex security responses.
At the Black Hat 2012 conference scheduled for July 21-26 in Las Vegas, cybersecurity firms are sharing information on how to keep up with rapidly evolving threats. One researcher says it’s not enough to fight known threats but to also track down the developing threats as they just start to emerge.
“We focus on threats that don’t have names,” said Will Gragido, senior manager of the Advanced Threats Intelligence team, a newly-formed unit at the cybersecurity firm RSA. “We bring to light threats that are otherwise unknown.”
Scientists have devised an attack that takes only minutes to steal the sensitive cryptographic keys stored on a raft of hardened security devices that corporations and government organizations use to access networks, encrypt hard drives, and digitally sign e-mails.
Authentication expert Moxie Marlinspike had trouble getting into the RSA security conference in San Francisco on Monday, due to a lack of ID.
Marlinspike, who was due to speak at the conference, arrived to register on Monday afternoon shortly after ZDNet UK. Marlinspike was asked by the registration staff if he had any picture ID, such as a driving licence, to prove who he was. Marlinspike, who is a noted privacy expert, replied that he does not drive, and that he did not have any picture ID with him.
Cryptography researchers collected millions of X.509 public-key certificates that are publicly available over the web and found what they say is a shockingly high frequency of duplicate RSA-moduli keys.