Full STEAM Ahead: Muirlands Career Day links learning to skills and jobs – La Jolla Light

Pneumologist Dr. Laura Crotty joined professors from seven different UC San Diego departments and more than a dozen biomedical professionals on Thursday, Feb. 6 at Muirlands Middle School to educate the sixth- through eighth-grade students in ways that go beyond the conventional career day. The annual Muirlands STEAM Day had students engaged in learning about a multitude of industries that use traditional skills in innovative ways.

Sponsored by the Muirlands Middle School Foundation, the STEAM event was created to inspire the kids in the areas of Science, Technology, Engineering, Arts and Mathematics, said co-organizer Jaqueline Fisk, a Muirlands parent, industrial engineer and former STEAM event speaker. "We volunteer to inspire the kids to not label themselves and see how certain skills are applied in the real world."

The event differs from a typical career day in that "organizers really shape it so there's a bit of vision," explained Anna DeAngelis, Fisk's co-organizer and fellow Muirlands parent. DeAngelis said this year, the event had a biomed theme that aligns with La Jolla High School's new biomed path. "This year, we have speakers who show how they apply school subjects directly to their work," she continued, explaining that four of the speakers use math daily: a mathematician, cryptography expert, an accountant, and a math tutoring director. Three others (a novelist, a journalist and a linguistics professor) use English and languages in their jobs.

Another feature of the event that sets it apart from others, Fisk stated, is that she and DeAngelis work with the presenters on doing demonstrations and interactions to show Muirlands students that science can be an exciting career.

Sugar & Scribe head cake decorator Ray Vizcaino details the science behind his cakes.

(Elisabeth Frausto)

Event presenter Kathy Williams, who teaches psychology at UCSD, as well as practicing privately with Rady Children's Hospital, said she sees a great need for an event such as this one, as it illuminates possibilities for kids: "They learn about psychology tricks used in video gaming and other industries, which they find very interesting."

Shortly after Fisk welcomed the presenters in the school auditorium, Muirlands eighth-grader Solomon Weinstein spoke, thanking them for their time. He remarked that these presentations help guide him and his peers into the future, and "give the roots of the tree the water they need to keep this country alive and healthy."

Seventh-grader Emma Weibel also thanked those in attendance for taking the time to help educate the next generation of this world.

In her speech, eighth-grader Austin Milligan recalled how one presenter last year inspired her to pursue the biomed path at La Jolla High, which will allow her to explore more medical-focused classes that align with her interests. Speaking about all the presenters, she declared: "It's hard not to be inspired!"

After Muirlands principal Geof Martin thanked the speakers for donating their time and skills, the presenters dispersed to various classrooms where they spoke during different periods, as students rotated through, attending three different classes.

In one classroom, Dr. Reid Meloy, a board-certified forensic psychologist, spoke about criminal psychology and investigating the motives for crimes. In the room next door, Jacques Verstraete, a UCSD mathematics professor, posed math riddles to the students. Artist Karen Deicas DePodesta offered a hands-on presentation in art as she distributed painting supplies, encouraging students to blend mathematical learning into their creations.

In another building, Sugar & Scribe head cake decorator Ray Vizcaino shared his experiences on baking shows for the Food Network, regaling his audience with how he uses engineering principles, such as weight distribution, to create his higher-than-three-feet-tall cakes.

These stories, Fisk stated, are what make the Muirlands STEAM event so memorable. "This is what interests the kids," she said. "It's not just about the jobs, but about the presenters' lives; the ups and downs of getting there."


WISeKey Drives Innovations in IoT Security with 23 Strategic Patents in the U.S. – GlobeNewswire

WISeKey drives innovations in IoT security with 23 strategic patents in the U.S.

Geneva, Switzerland/New York, USA, 18 February: WISeKey International Holding Ltd. (WISeKey NASDAQ: WKEY; SIX Swiss Exchange: WIHN), a cybersecurity company delivering Integrated Security Platforms, today announced that it has registered a total of 23 new strategic patents in the U.S. which are essential to the digital transformation applications that are fueling the growth in the IoT market (see list of U.S. patents here).

With a rich portfolio of more than 46 patent families, covering over 100 fundamental individual patents, and another 22 patents under review, WISeKey continues to expand its technology footprint in various domains including the design of secure chips, near field communication (NFC), the development of security firmware and backend software, the secure management of data, the improvement of security protocols between connected objects and advanced cryptography.

For WISeKey, adding to its patent portfolio and intellectual property is key to ensuring that the company remains a major player in the IoT industry for years to come, providing their customers with scientifically proven technology that differentiates and protects their products from counterfeiting, adds valuable supply-chain tracking features, and prevents the loss of sensitive enterprise and consumer data.

"Innovation is at the core of everything we do at WISeKey," commented Carlos Moreira, WISeKey's CEO and Founder, "which is why we directed more than 18% of our annual revenue in 2019 (or approximately $4.5 million) to R&D expenses in an effort to keep our products ahead of bad actors who are using the expanding surface area of the IoT landscape to disrupt critical services and cause harm to consumers."

Digital transformation in the IoT market is opening up new applications that can improve the efficiencies of power grids, use NFC chips embedded on pharmaceutical labels to provide better quality healthcare, or secure autonomous vehicles, but it's also creating new security risks, each with its own set of challenges and consequences. Digital identities provided as part of the WISeKey Integrated Security Platforms act as the first line of defense in IoT security architectures by giving each object its own unique, immutable identity that can be used for strong authentication of the device and encryption of sensitive data as it travels from the edge to the cloud.

If you spread the estimated 50 billion connected devices across the predicted world population of 6.8 billion in 2020, you will end up with more than 7 IoT devices per person. Add on top of that the massive amounts of data being generated by each device, over 2.3 zettabytes by 2035, and you can immediately see how big the IoT security market is for WISeKey and why the investment in developing market-leading technologies is critical for their continued success.

About WISeKey

WISeKey (NASDAQ: WKEY; SIX Swiss Exchange: WIHN) is a leading global cybersecurity company currently deploying large scale digital identity ecosystems for people and objects using Blockchain, AI and IoT respecting the Human as the Fulcrum of the Internet. WISeKey microprocessors secure the pervasive computing shaping today's Internet of Everything. WISeKey IoT has an install base of over 1.5 billion microchips in virtually all IoT sectors (connected cars, smart cities, drones, agricultural sensors, anti-counterfeiting, smart lighting, servers, computers, mobile phones, crypto tokens etc.). WISeKey is uniquely positioned to be at the edge of IoT as our semiconductors produce a huge amount of Big Data that, when analyzed with Artificial Intelligence (AI), can help industrial applications to predict the failure of their equipment before it happens.

Our technology is Trusted by the OISTE/WISeKey's Swiss-based cryptographic Root of Trust (RoT), which provides secure authentication and identification, in both physical and virtual environments, for the Internet of Things, Blockchain and Artificial Intelligence. The WISeKey RoT serves as a common trust anchor to ensure the integrity of online transactions among objects and between objects and people. For more information, visit www.wisekey.com.

Disclaimer: This communication expressly or implicitly contains certain forward-looking statements concerning WISeKey International Holding Ltd and its business. Such statements involve certain known and unknown risks, uncertainties and other factors, which could cause the actual results, financial condition, performance or achievements of WISeKey International Holding Ltd to be materially different from any future results, performance or achievements expressed or implied by such forward-looking statements. WISeKey International Holding Ltd is providing this communication as of this date and does not undertake to update any forward-looking statements contained herein as a result of new information, future events or otherwise.

This press release does not constitute an offer to sell, or a solicitation of an offer to buy, any securities, and it does not constitute an offering prospectus within the meaning of article 652a or article 1156 of the Swiss Code of Obligations or a listing prospectus within the meaning of the listing rules of the SIX Swiss Exchange. Investors must rely on their own evaluation of WISeKey and its securities, including the merits and risks involved. Nothing contained herein is, or shall be relied on as, a promise or representation as to the future performance of WISeKey.


IOHK donates $500K in ADA to the Univ of Wyoming to drive blockchain use cases – CryptoNinjas

IOHK, the software engineering company and lead developer of the Cardano blockchain, has today announced a donation of $500,000 in Cardano's native ADA cryptocurrency to the University of Wyoming's (UW) Blockchain Research and Development Lab, in Laramie.

The donation will fund the research of practical applications of blockchain, including supply chain management, and proving the provenance of goods with automated smart contracts.

Wyoming is one of the world's leading destinations for legislatively-enabled blockchain innovation due in large part to the work of the Wyoming Blockchain Taskforce and other partners. The state has enacted a total of 13 blockchain-enabling laws, making it the only US state to provide a comprehensive, welcoming legal framework that enables blockchain technology to flourish, both for individuals and companies.

IOHK's $500,000 contribution will support UW's faculty and graduate students to develop practical applications for blockchain in real-world use cases. The company, which is built on peer-reviewed academic research, is committed to the principle of open-source software development, such as hardware for cryptography, authentication, and measures against counterfeiting.

"The real-world applications of blockchain are limitless and IOHK's donation of $500,000 in ADA, the native cryptocurrency of our Cardano blockchain platform, to the University of Wyoming's Blockchain Research and Development Lab will go some way toward realizing that potential and will help to bolster Wyoming's burgeoning blockchain revolution. The Wyoming Blockchain Taskforce's supportive business environment and the excellence of the University of Wyoming's science research is what led IOHK to choose to invest here. We are incorporated here as a business and are very happy to play a small part in helping embed Wyoming's position at the global heart of blockchain-based innovation." - IOHK CEO, Charles Hoskinson

Since IOHK was founded in 2014, it has pioneered new territory in blockchain research, advancing industry knowledge with the work produced by its global team of cryptographers and researchers. The company is a research and development company and industry leader in the fields of cryptography and distributed systems. A growing network of academic partnerships supports its research and the Blockchain Technology Laboratory at the University of Edinburgh serves as the global headquarters for its various university collaborations.

"The University of Wyoming is proud to be at the forefront of blockchain research and education, and we are grateful for this significant financial contribution from IOHK. This support will help us continue to move forward in a very exciting and promising field of innovation and discovery." - UW Acting President Neal Theobald

UW's Blockchain and Research Lab will graduate BS, MS and Ph.D. students who are fluent in the complexities of developing blockchain technology and, in particular, IOHK's functional programming languages and formal methods. The partnership will also investigate the design of ultra-low-power crypto-authentication chips for use in IoT systems and especially for applications that prove the provenance of manufactured goods.

"We're immensely proud of the work the Task Force has achieved in making the state of Wyoming one of the world's most attractive destinations for businesses looking to build innovative companies, developing real-world uses for blockchain technology. The Wyoming Legislature has already achieved several world firsts in passing an extensive series of laws supporting blockchain innovation and the use of cryptocurrencies, and we're pleased to be able to continue that record. IOHK's $500,000 donation, in the native Cardano cryptocurrency, ADA, will not just fund research into real-world uses of blockchain technology, but will also develop Wyoming further as a talent hub for software engineers, trained in the most advanced software development methods in the world." - Caitlin Long, former member of the Wyoming Blockchain Task Force


Tozny Launches TozID, the Identity and Access Management Solution with End-to-End Encryption for Application Data – Yahoo Finance

TozID Delivers Powerful Identity Defense-in-Depth for Workforces and Customers that Centralizes Single Sign-on and Decentralizes Risk in an Encryption-as-a-Service Platform

PORTLAND, OR, Feb. 13, 2020 (GLOBE NEWSWIRE) -- Tozny, the identity management and data privacy company built from the ground up with end-to-end encryption, has announced the launch of TozID, a secure identity management and Zero Knowledge Authentication solution built on open source verifiable cryptography. TozID is delivered as a Security-as-a-Service platform and via SDKs so that any business, regardless of encryption or security expertise, is able to quickly protect workforce and customer identities, personally identifiable information (PII), and systems access for defense-in-depth of Web, mobile, IoT and embedded applications.

A data breach can cost an organization priceless customer trust and millions of dollars in revenue, but is preventable with well implemented application-layer encryption. However, cryptography libraries are complex, developers lack the expertise necessary to integrate encryption correctly, and building strong encryption in-house is often cost or resource prohibitive, resulting in avoidable security failures. Built with technology developed for NIST and DARPA-funded projects, and leading security research firm Galois, TozID delivers the most secure and sophisticated identity and access management solution available to the commercial market.

"It's an ethical imperative to protect the identities and data of users as well as a core differentiator for businesses that care about trust and protecting against the expensive and devastating effects of data leaks and breaches," says Isaac Potoczny-Jones, Founder and CEO of Tozny. "We want to make the world's most secure and trusted encryption technology available and accessible to every organization and the people that rely on them."

TozID centralizes identity and single sign-on without centralizing risk because it is built using Zero Knowledge Authentication, meaning Tozny never sends passwords over the network and does not handle key material or unencrypted application data. Customers are also able to easily integrate TozStore, Tozny's encrypted storage solution for securing sensitive information directly at the browser or device level and in embedded solutions.

Additional features and benefits of TozID include:

An early adopter of Tozny is Charles River Analytics (CRA), who uses TozID and TozStore to secure sensitive health information for human subject research. One of the key challenges was to manage a large-scale dataset, collected from a large cohort of subjects, and distribute that data selectively to research partners: "Tozny's technology was easy to integrate and gives us a lot of peace of mind," said Bethany Bracken, Principal Scientist at CRA. "Their approach to zero-knowledge data management, and the ability to control, parse and manage complex data sets with varying confidentiality requirements, could revolutionize this industry," says Bracken. "Tozny checked a lot of compliance boxes for us in one fell swoop."

To learn more about TozID read the blog post. Get started with TozID to add encrypted identity and access management to your applications here.

About Tozny:

Tozny delivers Identity Management and Data Privacy solutions as a service and via SDKs to easily protect businesses, workforces, and individuals against data breaches and security threats. Built with technology developed for NIST and DARPA-funded projects, Tozny brings the world's most secure encryption solutions to all businesses that require secure, compliant applications that people can trust. Tozny was founded by leading cryptography experts from security research firm Galois in 2013 and is based in Portland, OR. Visit https://tozny.com to learn more.


The CIA was secretly in control of an encrypted software sold to foreign governments – The Daily Dot

The Central Intelligence Agency (CIA) secretly owned a cryptography firm called Crypto AG that was used by governments around the world, according to a new report.

The revelation of the CIA's ownership of the company, and its ability to snoop on who was using the products for decades, was reported by the Washington Post and ZDF, a German public broadcaster, on Tuesday.

Crypto AG, a Swiss firm, sold equipment to more than 120 countries over decades, the report says, and the CIA and West German intelligence rigged the company's devices so they could easily break the codes that countries used to send encrypted messages.

Among other things, the ownership of the company allowed the CIA and West German spies to see information from Iran, Argentina, and Libya.

A classified CIA report obtained by the news outlets called the Crypto AG situation "the intelligence coup of the century," adding: "Foreign governments were paying good money to the U.S. and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries."

The company was liquidated in 2018.


Quantum Cryptography Market research report features advanced and sophisticated threats to boost growth 2019-2026 – WhaTech Technology and Markets…

Quantum Cryptography Market research report provides details about Industry Chain structure, Market Competition, Market Size & Share, SWOT Analysis, Technology, Cost, Raw Materials, Consumer Preference, Development & Trends, Regional Forecast, Company & Profile, and Product & Service.

ReportsnReports has recently added a new research report to its expanding repository. The research report, titled Quantum Cryptography Market, mainly includes a detailed segmentation of this sector, which is expected to generate massive returns by the end of the forecast period, thus showing an appreciable rate of growth over the coming years on an annual basis.

The research study also looks specifically at the need for Quantum Cryptography Market.

This report sets out analysis of the Quantum Cryptography Market providing intelligence on the main drivers, opportunities and challenges facing the sector. It considers the status and prospects of the major applications for Quantum Cryptography Market

Report Scope:

The scope of this report is broad and covers global markets of quantum cryptography, which is used globally in various types of applications. The market is segmented by deployment protocol, algorithm type, component, application, end-user vertical, and by region.

Revenue forecasts from 2019 to 2024 are presented for each deployment protocol, algorithm type, component, application, end-user vertical, and regional market.

The report also discusses the major players in each of the regional markets for quantum cryptography.

It explains the major market drivers of the global market of quantum cryptography, the current trends within the industry, and the regional dynamics of the quantum cryptography market. The report concludes with a special focus on the vendor landscape.

It includes detailed profiles of the major global vendors in the quantum cryptography industry.

Report Includes:

- 86 tables
- An overview of the global market for quantum cryptography
- Analyses of global market trends with data from 2018, estimates for 2019, and projections of compound annual growth rates (CAGRs) through 2024
- Assays the role of quantum cryptography to help secure private messages and communication of confidential information across different verticals
- Information on underlying technologies driving the industry's growth along with primary factors (current trends, regulatory updates, and other macro-economic factors) that can influence the market
- Insights into initiatives taken by government and institutions around the world to build quantum computers that can break down non quantum-based cryptography
- Snapshot of technological advancements in next-generation wireless network technologies
- Detailed profiles of key companies in the global quantum cryptography market, including Crypta Labs Ltd., Hewlett-Packard, IBM, Infineon Technologies AG, Microsoft Corp., Quintessence Labs Pty Ltd., and Toshiba Corp.

Summary:

Quantum cryptography uses quantum mechanical properties to complete cryptographic tasks. The Quantum Key Distribution (QKD) technology in quantum cryptography is based on Heisenberg's uncertainty principle.

Therefore, an unauthorized third party's attempt to intercept the secret keys used for encryption will produce an irreversible change in the quantum states before they are retransmitted to the intended destination. This will cause an abnormally high error rate in the transmissions between the sender and intended recipient, alerting the recipient of the unauthorized third party's attempt to intercept the keys.

Quantum cryptography is used across industries such as government and defense, banking and financial services, IT and telecommunications, and retail, among others.

The increasing number of cyberattacks, along with the pressing need to secure data and cybersecurity funding, should drive the growth in the global market of quantum cryptography. Governments and institutions around the world are directing financial resources toward building quantum computers that can instantly break non-quantum-based cryptography.

This also has created an increased interest in quantum cryptography as many companies are seeking to install quantum cryptographic systems to protect their data. The IT and telecommunication sector should be the largest contributor to the global market of quantum cryptography because enterprises in this segment continuously generate big data. Protection from cyberattacks is vital.

Recent Industry Trend:

The report contains the profiles of various prominent players in the Global Quantum Cryptography Market. Different strategies implemented by these vendors have been analyzed and studied in order to gain a competitive edge, create unique product portfolios and increase their market share.

The study also sheds light on major global industry vendors. Such essential vendors consist of both new and well-known players.

In addition, the business report contains important data relating to the launch of new products on the market, specific licenses, domestic scenarios and the strategies of the organization implemented on the market.

Scope of the Report:

By following the Quantum Cryptography Market in depth, readers should find this study very helpful. The aspects and details are depicted by charts, bar graphs, pie diagrams, and other visual representations in the Quantum Cryptography Market study.

This intensifies the representation of the pictures and also helps to improve the facts of the Quantum Cryptography Market industry. At a substantial CAGR, the Quantum Cryptography Market is likely to grow.

The Quantum Cryptography Market report's main objective is to guide the user to understand the market in terms of its definition, classification, industry potential, the latest trends, and the challenges facing the Quantum Cryptography Market.

The Threat of IoT Device Exploitation Due to RSA Certificate Weaknesses – EU Today

In late 2019, a research report was published that pointed out the existence of numerous weak RSA certificates in active use on the Internet. While the RSA algorithm is secure, many organisations were using it improperly, which would allow an attacker to generate fake, verifiable RSA certificates.

For users trusting these weak certificates, this vulnerability has significant impacts. A fake RSA certificate used in HTTPS has significant implications for website security since it could allow an attacker to impersonate a trusted site. For Internet of Things (IoT) devices trusting self-signed, vulnerable certificates, this vulnerability could open them up to compromise, potentially enabling an attacker to add them to a botnet performing Distributed Denial of Service (DDoS) attacks or to steal sensitive data collected and processed by these devices.

How RSA Certificates Work

RSA certificates are one example of public key cryptography. Public key or asymmetric cryptography uses two different encryption keys: a private key and a public key. The private key is used for decrypting messages or generating digital signatures, and the public key can encrypt data or verify digital signatures.

These two keys are related. The public key is calculated from the private key using a one-way function. These one-way functions are based off of a mathematically hard problem, meaning that a certain function is relatively easy (of polynomial difficulty) to perform, but its inverse is much harder (exponential difficulty).

In the case of RSA, this hard problem is the factoring problem. The factoring problem is based off of the assumption that it is fairly easy to multiply two large prime numbers together but relatively hard to determine these two factors with knowledge of their product. With modern systems, this assumption is valid and the system is secure as long as an attacker does not know either of these two factors.

The RSA Certificate Vulnerability

Recent research by KeyFactor demonstrates that this assumption (that an attacker doesn't know the secret factors used in an RSA calculation) may not always be valid. A study of 75 million RSA public keys in active use revealed that 1 in every 172 of these keys shared a common factor.

These shared factors are a problem for the security of these RSA secret keys since they would allow an attacker to determine both prime factors used in the calculation. With this data, they could derive the private key associated with a given public key. Of the 75 million keys studied, the researchers were able to derive private keys for 435,000 of them.

The cause of these weak RSA keys is attributed to the growth of IoT devices. These IoT devices commonly have significant power restrictions and limited entropy. Since entropy is crucial to the generation of strong random numbers, these devices are often generating the same random numbers when trying to identify prime numbers for use in RSA certificates. As a result, these certificates are much more likely to share prime factors, making them vulnerable to attack.
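A fleet owner can test for this condition before keys ship. The following is an added example, not code from the article or from the study it describes: it audits an inventory of RSA moduli for shared primes using batch GCD (a product tree followed by a remainder tree), which is one standard way to run this check at scale. The device names are hypothetical and the moduli are constructed from small Mersenne primes purely for illustration.

```python
"""Audit RSA moduli for shared prime factors with batch GCD (added example)."""
from math import gcd


def product_tree(moduli):
    """Return tree levels: leaves first, single-element root (full product) last."""
    levels = [list(moduli)]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        # Multiply neighbours pairwise; an odd element is carried up unchanged.
        levels.append([
            prev[i] * prev[i + 1] if i + 1 < len(prev) else prev[i]
            for i in range(0, len(prev), 2)
        ])
    return levels


def batch_gcd(moduli):
    """For each modulus N_i return gcd(N_i, product of all the other moduli).

    A result of 1 means N_i shares no prime with any other key in the set.
    """
    if not moduli:
        return []
    levels = product_tree(moduli)
    rems = levels[-1]  # start at the root: [P], the product of every modulus
    for level in reversed(levels[:-1]):
        # Push P down the tree, reducing modulo node^2 at each step.
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    # rems[i] == P mod N_i^2, so rems[i] // N_i == (P / N_i) mod N_i.
    return [gcd(n, r // n) for n, r in zip(moduli, rems)]


def audit(inventory):
    """Classify each key in {name: modulus}.

    Returns {name: (status, shared_bits)} where status is one of:
      "ok"                   - no factor shared with any other key
      "shared-prime"         - one prime is reused by another key
      "whole-modulus-shared" - identical modulus elsewhere, or both primes reused
    Anything other than "ok" means the key must be regenerated with a
    properly seeded random number generator.
    """
    names = list(inventory)
    shared = batch_gcd([inventory[name] for name in names])
    report = {}
    for name, g in zip(names, shared):
        n = inventory[name]
        if g == 1:
            report[name] = ("ok", 0)
        elif g == n:
            report[name] = ("whole-modulus-shared", g.bit_length())
        else:
            report[name] = ("shared-prime", g.bit_length())
    return report


# Constructed sample data: toy moduli built from Mersenne primes, not real keys.
M13, M17, M31 = 2**13 - 1, 2**17 - 1, 2**31 - 1
M61, M89, M107, M127 = 2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1

CONSTRUCTED_FLEET = {
    "cam-01": M61 * M89,      # low-entropy boot: same first prime as cam-02
    "cam-02": M61 * M107,
    "sensor-03": M31 * M127,  # unique primes
    "router-04": M13 * M17,   # identical key baked into two devices
    "router-05": M13 * M17,
}

if __name__ == "__main__":
    for device, (status, bits) in audit(CONSTRUCTED_FLEET).items():
        print(f"{device:10s} {status:22s} shared_factor_bits={bits}")
```

The tree structure is what makes the check practical on millions of keys; comparing every pair directly grows quadratically with the size of the inventory.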

Implications of the Vulnerability

RSA certificates are used for a variety of different purposes. The nature of asymmetric cryptography means that these certificates can be used to establish a secure communications channel with another party (by sending them a message encrypted with their public key) or to verify the identity of a message's sender (by checking if a digital signature sent with the message is valid).

However, these uses of asymmetric cryptography assume that only the owner of a public key has knowledge of the corresponding private key and the prime values used in the calculation of the public key. With the newly-revealed weaknesses of RSA certificates currently in use, this assumption is not valid for 1 of every 172 certificates.

The implications of this are significant for web security since encrypted HTTPS webpages use digital signatures to prove their identity to a visitor. If an attacker can derive the private key for the digital certificate associated with a particular webpage, they can create valid HTTPS connections with visitors to that webpage. This could allow the attacker to collect sensitive data entered by the user into the site or serve pages with embedded malicious code for the unsuspecting user to run.

In the case of this study, the vast majority of vulnerable certificates were self-signed keys used by IoT device manufacturers. Certificates generated by reputable certificate authorities (CAs) were generally secure. However, the use of insecure certificates by IoT manufacturers is concerning. Compromised IoT devices are already commonly used in DDoS attacks, and this weakness may allow cybercriminals impersonating legitimate IoT servers to trick additional IoT devices into joining their botnets. This would hurt both the owners of these devices and the targets of the resulting DDoS attacks.

The Importance of Strong Cryptography

In the study by KeyFactor, the source of the weaknesses in RSA certificates was poor use of the RSA algorithm. While the algorithm itself is currently considered secure if properly used, it depends upon the prime factors used in its calculations to be random and unknown to an attacker. Generating these large, prime, random factors requires a strong source of entropy, and IoT device manufacturers simply weren't using enough entropy in their calculations.

As a result, the private keys of hundreds of thousands of RSA certificates currently in use can be derived by an attacker, allowing the attacker to impersonate the owner to anyone trusting that certificate. These vulnerabilities could open up IoT devices to being exploited and added to DDoS botnets.


Gary Cartwright

Gary Cartwright is publishing editor of EU Today.

An experienced journalist and published author, he specialises in environment, energy, and defence.

He also has more than 10 years experience of working as a staff member in the EU institutions, working with political groups and MEPs in various policy areas.


Original post:
The Threat of IoT Device Exploitation Due to RSA Certificate Weaknesses - EU Today

60% of Enterprise Ill-Equipped to Detect and Respond to Public Key Infrastructure (PKI) Degradation or Breach, Research Finds – PR.com

51% Claim Low Ability to Detect and Respond to Digital Certificate and Key Misuse

"Connectivity and the number of digital identities within the enterprise has grown exponentially thanks to continued cloud, mobile, DevOps and IoT adoption," said Chris Hickman, chief security officer at Keyfactor. "The complexity of managing those identities while keeping them securely connected to the business has created a critical trust gap - in many cases the keys and certificates designed to build trust are instead causing outages and security breaches."

Digital certificates and keys ensure authenticity across enterprise user, application and device identities. Cryptographic algorithms encrypt the data associated with those identities, providing secure communication and exploit protection. Two-thirds of respondents say their organization is adding additional layers of encryption to comply with industry regulations and IT policies; however, shorter certificate validity has doubled the management workload on short-staffed IT and security teams.

Additional key findings:

Connected IoT increasing risk: 60% say they're adding additional layers of encryption technologies to secure IoT devices, but 46% admit low ability to maintain IoT device identities and cryptography over device lifetime.

A rise in security incidents: on average, organizations have experienced a Certificate Authority (CA) or rogue man-in-the-middle (MITM) and/or phishing attack five times in the last 24 months, with a 40% likelihood of a MITM or phishing attack over the next 24 months; 73% of respondents admitted that digital certificates have and continue to cause unplanned downtime and outages.

Staffing shortages: on average, 16% of the IT security budget is spent on PKI deployment annually, yet just 38% of respondents say their organization has enough IT security staff members dedicated to PKI deployment.

Cryptography related security incidents undermine trust: 76% of respondents say failure to secure keys and certificates undermines the trust their organization relies upon to operate.

Cryptography lacks a center of excellence: Despite the rising cost of PKI and growth of cryptography-related incidents, just 60% of companies have the ability to drive enterprise-wide best practices.

"Our 2019 report was a wake-up call in many ways - it was the first report of its kind to investigate the role that digital certificates and keys play in creating trust inside and outside organizations," said Dr. Larry Ponemon, founder of the Ponemon Institute. "In many ways I was optimistic that we'd see progress this year as more executives invested the resources needed to close the gap between standard practice in PKI and best practice. This year's report shows that while progress has been made in a few areas, that gap is actually growing wider."

"This report reinforces cryptography's importance within the security agenda," said Hickman. "In many cases, PKI remains a manual function with ownership split across IT and security teams. Growing connectivity has created an exposure epidemic. Without a clear PKI in-house or outsourced program owner and process to close critical trust gaps, the risk of outages and breaches will continue to rise."

The study was conducted by Ponemon Institute on behalf of Keyfactor and included responses from more than 600 IT and infosec executives and practitioners in the United States and Canada across 14 industries, including financial services, healthcare, manufacturing, retail and automotive.

To view a complete copy of the report, visit: http://keyfactor.com/ponemon2020.

About Keyfactor

Keyfactor empowers enterprises of all sizes to escape the exposure epidemic - when breaches, outages and failed audits from digital certificates and keys impact brand loyalty and the bottom line. Powered by an award-winning PKI as-a-service platform for certificate lifecycle automation and IoT device security, IT and InfoSec teams can easily manage digital certificates and keys. And product teams can build IoT devices with crypto-agility and at massive scale. Exceptional products and a white-glove customer experience for its 500+ global customers have earned Keyfactor a 98.5% retention rate and a 99% support satisfaction rate. Learn more at http://www.keyfactor.com.


See more here:
60% of Enterprise Ill-Equipped to Detect and Respond to Public Key Infrastructure (PKI) Degradation or Breach, Research Finds - PR.com

Germany tightens restrictions on Huawei, refusing ban – Capacity Media

10h | Natalie Bannerman

Members of German Chancellor Angela Merkel's Christian Democratic Union (CDU) have backed a position paper on 5G networks that proposes tougher rules on foreign vendors.

Taking a leaf out of the UK's book, German lawmakers seem to be favouring a rules-based approach to dealing with the likes of Huawei and its involvement in 5G networks.

According to Reuters, the document was drafted by Christian Democratic leaders to try and address the growing concerns of those in the party who view Huawei as a threat to national security. The paper aims to enable Germany's coalition government to come to an agreement on 5G, after many months of debate.

Sources told Reuters that several lawmakers support the four-page document, which, instead of employing any individual bans, sets out the principles of a risk-management approach.

The paper reportedly states: "State actors with sufficient resources can infiltrate the network of any equipment maker. Even with comprehensive technical checks, security risks cannot be eliminated completely - they can at best be minimised. At the same time, we are not defenceless against attempts to eavesdrop on 5G networks. The use of strong cryptography and end-to-end encryption can secure confidentiality in communication and the exchange of data."

All three of the country's network operators are customers of the Chinese vendor, so completely excluding the company could prove risky.

Bearing that in mind, the document clearly distinguishes between access, transport and core networks, which are sensitive parts of the infrastructure, allowing Huawei components to be handled differently in the various parts of the network.

The paper goes on to suggest using products from a range of vendors to avoid a monoculture, as well as changes to the country's telecoms and IT security laws for trustworthiness to be integrated into them.

"Equipment makers can only be trusted if they verifiably fulfil a clearly defined security catalogue that rules out any influence from a foreign state on our 5G infrastructure," it said.

The paper would also give operators until 2025 to remove from their 4G networks any equipment that comes from vendors who fail certification checks. It also pushes for Germany to implement a European industrial policy to ensure that its own companies can build all elements of internationally competitive and secure 5G networks.

In related news, Merkel is said to be in the early stages of discussion with Ericsson and Nokia to bolster the market position of European 5G vendors.

According to Handelsblatt, Merkel is pushing for European technological independence and is set to meet the companies later this month.

Original post:
Germany tightens restrictions on Huawei, refusing ban - Capacity Media

What’s in the latest Firefox update? Firefox 73 adds to usability and accessibility options – Computerworld

Mozilla this week released Firefox 73, a minor upgrade whose most notable addition was a new default setting for page zooming.

Software engineers working on the open-source browser also patched six vulnerabilities, half of them labeled "High," Mozilla's second-most-serious threat rating. As usual, some of the flaws might be used by criminals.

"We presume that with enough effort some of these could have been exploited to run arbitrary code," the firm wrote of two of the bugs.

Firefox 73 can be downloaded for Windows, macOS and Linux from Mozilla's site. Because Firefox updates in the background, most users need only relaunch the browser to get the latest version. To manually update on Windows, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose "About Firefox." (On macOS, "About Firefox" can be found under the "Firefox" menu.) The resulting page shows that the browser is either up to date or describes the refresh process.

Mozilla last upgraded the browser on Jan. 7, or five weeks ago.

From this point forward, Mozilla will refresh the browser every four weeks. Firefox 74 will end a gradual reduction to the intervals between upgrades: Mozilla announced the release speed-up in September, when it said the original six-week span would be shortened to five weeks, then to four.

Firefox's faster release tempo comes at a price: the distinct possibility that each upgrade will boast fewer new features, fewer improvements and enhancements. Firefox 73 is proof, as Mozilla was able to highlight just two changes evident to end users.

The first was a new user-set global default for the page zoom level. Rather than monkey with zoom for each site individually - to, for instance, zoom in to make text more readable for older eyes - users can set a default level higher or lower than 100% as the new baseline.

To change the default zoom (which remains at 100% if the user declines to modify it), users must open Preferences (on macOS) or Options (Windows), then under the "General" tab locate "Language and Appearance." Select the desired default zoom from the box under "Zoom."

That number - 110%, for instance - becomes the new baseline for all sites. Users can still manually increase or decrease zoom with keystroke combinations or from the menu.

Firefox 73's new zoom default lets users set a baseline to, for example, zoom in to 120% on every site. For anyone who is constantly zooming, this saves tons of time.

The other addition trumpeted by Mozilla in Firefox 73's release notes was labeled "readability backplate" and designed to collaborate with Windows' high contrast mode. The latter is a setting that replaces the original colors of, say, a website's text and background, with high contrast combinations for easier reading by people with vision issues.

Previously, Firefox has simply disabled background images when the user enabled high contrast mode. In Firefox 73, the readability backplate "places a block of background color between the text and background image," Mozilla said. "Now, websites in High Contrast Mode are more readable without disabling background images."

Mozilla, like other browser makers, is knee-deep in putting an end to the outdated encryption protocols of TLS (Transport Layer Security) 1.0 and 1.1.

More than a year ago, in October 2018, Mozilla announced that the two standards, TLS 1.0 and TLS 1.1, would lose Firefox support in March 2020. That's next to now.

In a Feb. 6 post, Thyla van der Merwe, the cryptography engineering manager at Mozilla, promised that the upcoming Firefox 74 would give the boot to the pair. "Expect Firefox 74 to offer TLS 1.2 as its minimum version for secure connections when it ships on 10 March 2020," she wrote.

Although van der Merwe said that Firefox would retain an override button (which has been appearing on warnings when users try to reach a website encrypted by TLS 1.0 or TLS 1.1), she noted that with telemetry trends being what they were, "It's unlikely that the button will stick around for long."

The next version, Firefox 74, will release on March 10.

Read the original here:
What's in the latest Firefox update? Firefox 73 adds to usability and accessibility options - Computerworld