
“Penetration Testing: Dead in 2009?” – CSO Magazine

Carolina Advanced Digital Quotables
Penetration Testing: Dead in 2009
By Bill Brenner, Senior Editor, December 08, 2008 — CSO Magazine

Does penetration testing belong in the QA department? Fortify Co-Founder and Chief Scientist Brian Chess says 2009 will mark the end of pen tests as we know them. His theory is being met with resistance.
Posted by cadinc

“MD5 insecurity affects all internet users” – SC Magazine

MD5 insecurity affects all internet users
SC Magazine, Angela Moscaritolo, December 31, 2008

Usually the bad actions of a company only affect its own customers. However, Certification Authorities (CA) that have not yet migrated away from MD5 to a more secure cryptographic hash function are causing problems that affect everyone, said Paul Kocher, president and chief scientist of Cryptography Research.

Security professionals have sounded off after a team of researchers on Tuesday revealed a weakness in the MD5 cryptographic hash function which could allow an attacker to create a rogue Certification Authority (CA) certificate and potentially impersonate any website, including those secured by the HTTPS protocol.
Posted by cadinc

“Yes, Trust In The PKI Is Broken” – InformationWeek Analytics

Yes, Trust In The PKI Is Broken
InformationWeek Analytics, by Mike Fratto, Dec 30, 2008

The trust in digital certificates relies on the fact that the authority issuing the certificate has validated the identity of the person or company making the request and that the digital certificate can’t be forged. New research presented at the 25th Chaos Computer Congress shows that forging digital certificates is possible and practical. Trust in the SSL is now broken.

SSL digital certificates are signed by certificate authorities, or CAs. When you go to an SSL-enabled Web site, the browser checks to see if the certificate was signed by a certificate authority contained in the browser.
Posted by cadinc

“The (Not Quite) End Of Security On The Internet” – InformationWeek

The (Not Quite) End Of Security On The Internet
InformationWeek Security Weblog, by George Hulme, Dec 30, 2008

Speaking at the 25th annual Chaos Communication Congress in Berlin, security researchers showed how they developed a rogue (forged) Certificate Authority digital certificate. Yes, this is a big deal. But no, the Internet isn’t broken.

Generally speaking, a certificate authority is the trusted source that signs digital certificates (such as SSL certificates), kind of like a notary does in the physical world. That’s why, when you’re at www.mybankingsite.com, you’ll see a lock in your browser. This should mean that the Web site actually is www.mybankingsite.com and that your Web traffic is being sent to that site through a secured communications tunnel. But as colleague Mike Fratto explains in his post “Yes, Trust In The PKI Is Broken,” this new research shows that forging digital certificates is possible and practical.
Posted by cadinc

“Get More Bang for Your Buck” – IT World Canada

More bang for your security buck
By: Rafael Ruffolo – Computerworld Canada (21 Nov 2008)

Companies know they have to make some financial investment to protect their mission-critical systems and data, but the results aren’t always worth it. How to spend your IT security budget wisely…
Posted by cadinc