SSL Precertificates and How They Work

We have all heard a great deal about SSL certificates, but what about SSL precertificates? The term probably doesn’t ring a bell. This post explores SSL precertificates: what they are, where they are used and how they work.

SSL Precertificates – What they are

SSL precertificates are a type of SSL certificate intended to provide proof that an SSL certificate has been logged, so that Certificate Transparency (CT) data can be embedded directly in the certificate. SSL precertificates cannot be used to form a secure/encrypted connection, and they cannot be used for server authentication either.

The term precertificate can be confusing, because it does not mean what it appears to mean. Precertificates may already exist for the SSL certificates you have, and you do not necessarily need to know about them.

Uses of Precertificates

To understand the uses of SSL precertificates you must first know about Certificate Transparency and its goals.
Certificate Transparency aims to remedy certificate-based threats by making the issuance and existence of SSL certificates open to scrutiny by domain owners, Certificate Authorities (CAs), and domain users.

“Specifically, Certificate Transparency has three main goals:

  • Make it impossible (or at least very difficult) for a CA to issue a SSL certificate for a domain without the certificate being visible to the owner of that domain.
  • Provide an open auditing and monitoring system that lets any domain owner or CA determine whether certificates have been mistakenly or maliciously issued.
  • Protect users (as much as possible) from being duped by certificates that were mistakenly or maliciously issued.”

CT creates an open framework comprised of three main components for monitoring the TLS/SSL certificate system and auditing specific TLS/SSL certificates. This open framework consists of the following:

  • public logs of certificates,
  • public log monitoring,
  • and public certificate auditing.

It is for these logs that SSL precertificates provide proof that the certificates have been logged. Precertificates have an advantage over other methods of providing proof of submission. In other methods, the proof of submission to a Certificate Transparency log, the signed certificate timestamp (SCT), is provided separately.

CT Log Signature Production

The CT log has to produce a valid signature over the certificate’s data, and the certificate needs the resulting SCT from the log. SSL precertificates allow the CT log to produce the valid signature without being in possession of the final certificate. The CA is then able to issue the final certificate with the SCT included. Misissuance of a precertificate is treated on par with misissuance of the final certificate, so due diligence must be followed during precertificate issuance.

How Do Precertificates Work?

X.509 is a cryptographic standard format for defining public key certificates such as SSL certificates. A precertificate is defined by a “poison extension” in the X.509 format, which differentiates it from normal SSL certificates. Browsers and operating systems do not understand this extension when they encounter it, so they treat the precertificate as invalid. This prevents SSL precertificates from being used for a secure/encrypted connection or for server authentication.
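The poison-extension check described above, as an added example that is not code from the original article: it walks a DER certificate's extensions and classifies it by the two CT extension OIDs defined in RFC 6962, which the article does not name. An unrecognized extension only forces rejection when it is marked critical, so the classifier checks that flag; `sample_cert` builds constructed skeleton certificates (serial number and extensions only), not real ones.

```python
"""Classify a DER-encoded certificate by its Certificate Transparency extensions."""

# DER content bytes of the two RFC 6962 extension OIDs
POISON_OID = bytes.fromhex("2b06010401d679020403")    # 1.3.6.1.4.1.11129.2.4.3
SCT_LIST_OID = bytes.fromhex("2b06010401d679020402")  # 1.3.6.1.4.1.11129.2.4.2

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                                 # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the body of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def extensions(cert_der):
    """Map extension OID bytes -> critical flag for one certificate."""
    _, cert_body, _ = read_tlv(cert_der, 0)           # Certificate
    tbs = children(cert_body)[0][1]                   # TBSCertificate
    found = {}
    for tag, val in children(tbs):
        if tag != 0xA3:                               # [3] EXPLICIT Extensions
            continue
        _, ext_list, _ = read_tlv(val, 0)
        for _, ext in children(ext_list):
            fields = children(ext)                    # OID, [critical], value
            found[fields[0][1]] = fields[1][0] == 0x01 and fields[1][1] != b"\x00"
    return found

def classify(cert_der):
    exts = extensions(cert_der)
    if POISON_OID in exts:
        # A non-critical unknown extension may be ignored by a TLS client.
        return "precertificate" if exts[POISON_OID] else "poison not critical"
    if SCT_LIST_OID in exts:
        return "final certificate with embedded SCTs"
    return "no CT extensions"

# --- constructed sample input: skeleton certificates, not real ones ---
def tlv(tag, body):
    return bytes([tag, len(body)]) + body             # short-form length only

def sample_cert(oid, critical, value):
    ext = tlv(0x06, oid) + (tlv(0x01, b"\xff") if critical else b"") + tlv(0x04, value)
    tbs = tlv(0x30, tlv(0x02, b"\x01") + tlv(0xA3, tlv(0x30, tlv(0x30, ext))))
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    print(classify(sample_cert(POISON_OID, True, b"\x05\x00")))
    print(classify(sample_cert(SCT_LIST_OID, False, b"\x04\x02\x00\x00")))
    print(classify(sample_cert(bytes.fromhex("551d13"), True, b"\x30\x00")))
```

The same `classify` call works on a real certificate's DER bytes, since the walk keys on the `[3]` extensions tag rather than on field positions.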

Source: https://blog.comodo.com/ssl/ssl-precertificates-and-how-they-work/

How Was 2020 Cyber Security Awareness Month?

Global corporate enterprise and indeed global society are aware of the concept of cyber security. Personally Identifiable Information (PII) data leaks, continued personal phishing expeditions and state-based adversary hacking have all brought cyber security into focus for the average person.

The average Board member is certainly more aware of the value of cyber security than in years past, due in part to ransomware payments. And front-line employees are certainly more aware of the value of cyber security due to an increased understanding of what not to do.

The state of cyber security is indeed strong. As the Cyber Security Hub Year End Report will elucidate, nearly 80% of the community feels that the overall state of cyber security, meaning operations, resiliency, compliance, awareness, etc., is improving.

But that is of course through the end of the day today. As cyber security professionals know, it’s all about tomorrow. And tomorrow is going to be a bear.

Awareness

A few years of the Mid-Year and Year End reports have shown a sustained focus and expense on Security Awareness. Cyber security executives seem comfortable with the returns to date. But we are now in a whole new world and the pre-pandemic security awareness quotient does not cut it.

Key Questions:

  • How often are you in front of the organization regarding security awareness?
  • Are you expediting security awareness the same way that you’ve always done it?
  • Is each person in the organization aware of all of the new threat vectors?

Automation

The Cyber Security Hub Automation Report is fresh out with some key takeaways. More needs to be done than there are dollars to do it. Automated attacks are on the rise and the global pandemic has not been kind to budgets. That means that organizations must make choices about whether they can handle any amount of cyber security automation investment.

The luckier ones are making choices on what to automate with a better understanding of the fact that while automation might eventually reduce overhead, the human resources needed to make automation work have to be found and added first.

Key Questions:

  • Do you have budget for automation?
  • If yes, do you have the talent you need for automation?
  • If no, what technical debt do you have that you could lose?

Cloud-First

We just started the Zero Trust conversation and we have to also start the SASE conversation. Our friends at Okta have a handy chart that shows four levels of a Zero Trust organization. The first level is level zero (no-relation). Common wisdom has most of global corporate enterprise at either level zero or level one. Most folks think that less than 10% are at level 3 (that’s the highest level).

The Cyber Security Hub Year End Report will showcase the fact that 75% of the community is telling us how they stopped worrying and learned to love the VPN. (That’s a reference to the title of Dr. Strangelove if you’re keeping score at home). The point being: a significant portion of the community is just at the front end of figuring out IAM & PAM for their organizations.

So we’ve got a long way to go on establishing a Zero Trust Network Architecture (ZTNA). And a ZTNA is only one piece of a Secure Access Service Edge (SASE). SASE is not brand new. Gartner released their first analysis of the concept at the end of last year. Solution providers do have offerings and the top of the market is buying.

Key Questions:

  • Where are you on the IAM/PAM continuum?
  • Where are you on the Zero Trust continuum?
  • Where are you on the SASE continuum?

Business Enablement

As you might know, we’ve consistently shared that cyber security has gone from the Department of No to the Department of Know ensuring that cyber security isn’t in the way of business enablement.

We’ve also covered the fact that the cyber security budget conversation with the board must no longer be based on fear but on risk. The budget conversation as we understand it is best presented by choices.

“If we implement X, spending Y, we’ll reduce risk by Z. If we don’t implement X, risk will increase by Alpha by Year End 2021.”

A significant portion of budgets for 2020 and maybe even some of 2021 were spent in March and April of 2020. The cyber crime rate is going up. To thwart the threats, cyber security executives must be tough. You’ve got threat vectors on all sides. And your budget has been shattered. (That’s a reference to Shattered by the Rolling Stones if you’re keeping score at home).

Key Questions:

  • How are you going into the budget conversation for 2021?
  • Are you able to educate the board and CEO using a risk paradigm?

Happy Cyber Security Month from Cyber Security Hub. You’ve got to be a CISO to know how much mental and intestinal fortitude is needed to get the job done. We have awareness and appreciation of how hard the job is, and the fact that it just keeps getting tougher. So take a breath, focus as you do, get back out there and keep us safe. Thank you for doing the job.

Source: https://www.cshub.com/executive-decisions/articles/how-was-2020-cyber-security-awareness-month

Resiliency And Security: Future-Proofing Our AI Future

Deploying AI in the enterprise means thinking forward for resiliency and security (GETTY IMAGES)

By Allison Proffitt, AI Trends

On the first day of the Second Annual AI World Government conference and expo held virtually October 28-30, a panel moderated by Robert Gourley, cofounder & CTO of OODA, raised the issue of AI resiliency. Future-proofing AI solutions requires keeping your eyes open to upcoming likely legal and regulatory roadblocks, said Antigone Peyton, General Counsel & Innovation Strategist at Cloudigy Law. She takes a “use as little as possible” approach to data, raising questions such as: How long do you really need to keep training data? Can you abstract training data to the population level, removing some risk while still keeping enough data to find dangerous biases?

Stephen Dennis, Director of Advanced Computing Technology Centers at the U.S. Department of Homeland Security, also recommended a forward-looking posture, but in terms of the AI workforce. In particular, Dennis challenged the audience to consider the maturity level of the users of new AI technology. Full automation is not likely a first AI step, he said. Instead, he recommends automating slowly, bringing the team along. Take them a technology that works in the context they are used to, he said. They shouldn’t need a lot of training. Mature your team with the technology. Remove the human from the loop slowly.

Of course, some things will never be fully automated. Brian Drake, U.S. Department of Defense, pointed out that some tasks are inherently human-to-human interactions—such as gathering human intelligence. But AI can help humans do even those tasks better, he said.

He also cautioned enterprises to consider their contingency plan as they automate certain tasks. For example, we rarely remember phone numbers anymore. We’ve outsourced that data to our phones while accepting a certain level of risk. If you deploy a tool that replaces a human analytic activity, that’s fine, Drake said. But be prepared with a contingency plan, a solution for failure.   

Organizing for Resiliency

All of these changes will certainly require some organizational rethinking, the panel agreed. While government is organized in a top down fashion, Dennis said, the most AI-forward companies—Uber, Netflix—organize around the data. That makes more sense, he proposed, if we are carefully using the data.

Data models—like the new car trope—begin degrading the first day they are used. Perhaps the source data becomes outdated. Maybe an edge use case was not fully considered. The deployment of the model itself may prompt a completely unanticipated behavior. We must capture and institutionalize those assessments, Dennis said. He proposed an AI quality control team—different from the team building and deploying algorithms—to understand degradation and evaluate the health of models in an ongoing way. His group is working on this with sister organizations in cyber security, and he hopes the best practices they develop can be shared to the rest of the department and across the government.

Peyton called for education—and reeducation—across organizations. She called the AI systems we use today a “living and breathing animal”. This is not, she emphasized, an enterprise-level system that you buy once and drop into the organization. AI systems require maintenance, and someone must be assigned to that caretaking.

But at least at the Department of Defense, Drake pointed out, all employees are not expected to become data scientists. We’re a knowledge organization, he said, but even if reskilling and retraining are offered, a federal workforce does not have to universally accept those opportunities. However, surveys across DoD have revealed an “appetite to learn and change”, Drake said. The Department is hoping to feed that curiosity with a three-tiered training program offering executive-level overviews, practitioner-level training on the tools currently in place, and formal data science training. He encouraged a similar structure to AI and data science training across other organizations.

Bad AI Actors

Gourley turned the conversation to bad actors. The very first telegraph message between Washington DC and Baltimore in 1844 was an historic achievement. The second and third messages—Gourley said—were spam and fraud. Cybercrime is not new and it is absolutely guaranteed in AI. What is the way forward, Gourley asked the panel.

“Our adversaries have been quite clear about their ambitions in this space,” Drake said. “The Chinese have published a national artificial intelligence strategy; the Russians have done the same thing. They are resourcing those plans and executing them.”

In response, Drake argued for the vital importance of ethics frameworks and for the United States to embrace and use these technologies in an “ethically up front and moral way.” He predicted a formal codification around AI ethics standards in the next couple of years similar to international nuclear weapons agreements now.

Source: https://www.aitrends.com/ai-world-government/deploying-ai-in-the-enterprise-means-thinking-forward-for-resiliency-and-security/

How the PS5 Will Completely Change Gaming As We Know It?

It’s fair to say that the PS5 isn’t exactly being released at the perfect time. While gaming is as big as it has ever been, the world is in a global pandemic and people are less secure about their finances than ever before.

So a new $500 console perhaps isn’t going to be at the top of everyone’s priorities. That said, it’s a device that could be a real gamechanger. Which is only a good thing for console gaming.

Video Gaming Falling Behind Online & Mobile

In recent years, video gaming has fallen significantly behind the likes of mobile gaming, with the latter enjoying a huge boom during the pandemic. During March, when the pandemic first broke, weekly game downloads rose 35% to 1.2 billion.

While video games also saw a surge, they couldn’t be further behind. Across the board, mobile games were thriving. From puzzles to online bingo and casino, games were being enjoyed by millions.

In the case of the latter two, that was in part due to brick-and-mortar bingo halls and casinos being closed, but the sheer volume of people visiting online bingo sites has taken the industry to entirely new levels, which are expected to be sustained for some time to come.

Enter the PS5

The PlayStation 5 from Sony, alongside the new Xbox being launched by Microsoft are expected to be the savior of console gaming, resurrecting it and placing it back at the forefront of the gaming mainstream.

There are expected to be some incredibly new features which will change gaming forever, and below you’ll find the features we believe will do that.

Making 4K the Norm

The PS5 is expected to make playing in 4K the norm, adding further quality to an already life-like gaming experience.

You will need much more internet bandwidth to get through games of this quality which is worth noting, as many players could begin to get frustrated by this.

AI Companionship

You’ve always been able to play against the computer, but one that reacts to your emotional state and offers its own? Well, that’s a different ball game.

The PS5 and gaming developers are going to integrate artificial intelligence into gaming more than ever before, allowing players who more frequently have to play alone to do so with AI.

It’s also believed AI will be a key part of how we game too, with non-playing characters expected to be more intelligent than ever before, producing unique gaming experiences for each and every player.

Three Dimensional Audio

As well as significant graphics improvements, the PS5 will use 3D audio being branded as the Tempest Engine.

It’s set to add even more depth to the playing experience and be more immersive than ever before.

This is set to be a landmark moment for blind gamers, with the sounds within games able to give them a better picture of the game and therefore more chance of navigating through levels.

Exclusive Games & A Netflix-like Catalogue

Many brands are now wanting to become the Netflix of gaming and it could be Sony who takes the crown. The brand are launching bigger franchises than ever in the likes of God of War, The Last of Us and Uncharted, and that’s only going to advance with the introduction of a new console.

It’s unsure as to what will be launched just yet, but we can expect plenty more strong storytelling from the brand, which blows the likes of puzzle games and mobile-friendly titles out of the water.

Source: https://cybersguards.com/how-the-ps5-will-completely-change-gaming-as-we-know-it/
