PGP Corporation Blogs » Vinnie’s Views

Data Security Is Not Just for the Big Guys

vinnie — Tue, 23 Mar 2010 20:30:48 +0000

I recently had an interaction that reminded me how much more work we have ahead of us in making people aware of the security risks associated with data breaches. My son is a member of well known youth group.…

Trust Us, It’s Secure Encryption Technology

vinnie — Wed, 13 May 2009 22:45:22 +0000

Unsolicited, my bank recently sent me a shiny new debit-card in the mail. They kindly included a note explaining that they were notified by a “major credit card processor” about an unauthorized intrusion (what’s an authorized intrusion?) into their computer…

Send Lawyers, Spies and Log Files

vinnie — Mon, 11 May 2009 15:28:10 +0000

As more of our data migrates up to the internet cloud, I am becoming profoundly aware of the unintended consequences and risks posed by so called best practice security procedures. Today I would like to discuss the server access logs…

Stimulating the Security of Medical Records.

vinnie — Tue, 17 Feb 2009 19:18:22 +0000

One of the items in the economic stimulus package signed by President Obama today that has not received much publicity, but at the same time prompted a fair amount of hand wringing is the provision for facilitating nationwide…

Securing Content in the Clouds.

vinnie — Tue, 17 Feb 2009 19:18:09 +0000

I am impressed at how popular web applications have become in the last few years. Not just web mail, but actual collaborative and analytical applications. Companies like Google, Salesforce, Apple, and Facebook have done an amazing job…

Some Thoughts About Facebook, OpenID and Secure Authentication

vinnie — Thu, 05 Feb 2009 23:34:10 +0000

In an previous post I talked about the possibility of using a PGP key to provide secure authorization for web services. A story I read recently reminded me about how important strong authentication has become, even for trivial websites. The saga,…

PGPsdk and FIPS-140

vinnie — Mon, 15 Sep 2008 23:05:38 +0000

What is FIPS-140-2?

FIPS 140-2 is the Security Requirements for Cryptographic Modules standard from the National Institute of Standards and Technology (NIST). It applies to the protection of valuable and sensitive but unclassified information throughout the government and DoD. FIPS-140 is…

PGP Identity Management: Secure Authentication and Authorization over the Internet

Doug McLean — Fri, 03 Sep 2004 20:58:46 +0000

Abstract
Access to computer services has conventionally been managed by means of secret passwords and centralized authentication databases. This method dates back to early timeshare systems. Now that applications have shifted to the Internet, it has become clear that the use…