encrypt

Security features expected within Mac OS X Leopard

In advance of Friday's general release of Apple Mac OS X Leopard, Apple has posted a variety of preview pages, one of which details new security features. In Apple's preview, the Cupertino vendor cites 11 specific enhancements that should make Leopard more secure than Tiger.

Library randomization: This is huge. The technology behind this, address space layout randomization (ASLR), randomly arranges the positions of key data areas. This prevents malware authors from predicting the targeted memory addresses for buffer overflows and malware exploitation. Windows Vista includes ASLR.

Sandboxing: Sandboxing allows applets to run without interfering with the overall …

Hardware-based encryption will win in the laptop market

Last week, McAfee bought SafeBoot, while Check Point Software Technologies grabbed PointSec a few months back. Why are we seeing a PC-encryption shopping spree? Because large organizations are no longer willing to gamble with lost or stolen laptops. For $200 or less, I can encrypt each laptop that goes out the door. This seems like a better use of money than coughing up $250 million of unanticipated CYA spending as the result of a data breach.

So here's the problem with this scenario and software-based encryption. Software utilities are about to hit a wall called Moore's Law. Cryptographic …

McAfee overpaid big time for SafeBoot

While we East Coast folks celebrated Columbus Day, McAfee announced its acquisition of privately held SafeBoot for $350 million. SafeBoot provides software for file and full disk encryption.

Now, I certainly understand the rationale behind this deal. McAfee can now bundle encryption software into its PC security software and integrate key management into its ePolicy Orchestrator (ePO). We saw this same market consolidation pattern a few years ago with antispyware, which went from a stand-alone product to an integrated feature in endpoint security suites. In that transition, CA bought antispyware vendor Pest Patrol, while Microsoft grabbed Giant. Obviously, the same …

Linux coders hash out support for new iPods

Programmers have bypassed a new difficulty in providing Linux support for the latest-generation iPods.

Already, iPods weren't simple to use in Linux, because Apple prefers people use iTunes to access the media players and doesn't supply a Linux version of the software. The newest iPods, though, didn't work at all, according to the iPod-minus-iTunes blog. The database that the iPod uses to keep track of songs, videos, album art and other data was encrypted in the new models, the programmers said. That means Linux music-management software such as Amarok or Rhythmbox wouldn't work.

Over the weekend, …

Ransom-based malware attacks specific companies

Various security companies are today reporting targeted attacks made on Fortune 1000 companies over the weekend. What's notable is that documents within each of the affected companies were stolen, encrypted, then the companies were offered a decryption key for a fee. What's odd is that the amount requested as ransom was a mere $300.

Reuters reports companies hit by the attack include Booz Allen, Unisys, Hewlett-Packard and Hughes Network Systems. Security vendors report having identified hundreds more.

The attack works like this. Malware writers target a handful of companies, somehow manage to sneak their code past the corporate …

Feds use keylogger to thwart PGP, Hushmail

A recent court case provides a rare glimpse into how some federal agents deal with encryption: by breaking into a suspect's home or office, implanting keystroke-logging software, and spying on what happens from afar.

An agent with the Drug Enforcement Administration persuaded a federal judge to authorize him to sneak into an Escondido, Calif., office believed to be a front for manufacturing the drug MDMA, or Ecstasy. The DEA received permission to copy the hard drives' contents and inject a keystroke logger into the computers.

That was necessary, according to DEA Agent Greg Coffey, because the suspects were using …

Encrypting laptops is worth the money

For the most part, security technology procurement is a struggle as security budgets have always been low and remain under-funded.

Security executives have to justify purchases in terms of business risk--a daunting task for even the most skilled professionals. As the old saying in the security world goes, organizations don't want good security, they want good-enough security. Paying for anything more is often viewed as a waste.

In general, frugal security strategies remain, but my colleagues and I at Enterprise Strategy Group see one particular area that bucks this trend--full disk encryption (FDE) for laptops. Many large organizations are …

Civil disobedience hits Digg

Digg exploded into riot on Tuesday.

A story was posted that contained the hexadecimal decryption key that allows Linux users to decode and play HD DVDs. The Digg staff received a request from the Advanced Access Content System License Administrator to remove the story, interpreting the request as following the law and as falling under Digg's preexisting terms of use that prohibit the posting of infringing content. Jay Adelson explained this in his blog post at 1 p.m. on May 1.

The Digg user community was not to be silenced, and found a way to route around this …

PKWare offers SecureZip for free

Computer users may not be hitting any piñatas or streamers to celebrate security software publisher PKWare's 20th birthday, but the software publisher is hoping that a free full-version giveaway of its security program SecureZip for Windows will make users grin all the same.

The Register reports that "the release of a free version of the product marks the 20th anniversary of the firm and comes at the start of the Infosec conference in London this week."

Best known by CNET Download.com users for the original ZIP-file compression app PKZip, PKWare specializes in enterprise software. It …

Dictation device talks the talk

Whenever we hear the word "dictation," we recall those cliched movie scenes of executives calling secretaries into their offices to take shorthand. But products like the "Digital Pocket Memo 9600" from Philips remind us how far technology has evolved the practice.

When used with its new docking station, the device can transfer dictations through a local network or the Internet to a transcriptionist or voice-recognition system without a computer, according to Gizmag. Real-time encryption and password protection ensure security, and a bar-code reader can be used to scan patient or client information and attach it directly …