Monthly Archives: February, 2016

  1. San Bernardino, Paris, and the Implications for COTS Solutions Certification for Government Use

    By now, nearly everyone in the Western world has heard of the on-going campaign by many law enforcement and intelligence agencies to get legislation requiring technology vendors, and in particular manufacturers of mobile devices, to offer back doors and/or off-by-default encryption. While this battle seems to by cyclical, rearing its head every few years, the Read More…

  2. Intrusion Prevention System (IPS) Extended Package (EP) Update Published

    In late January 2016 an updated version of the Intrusion Prevention System (IPS) Extended Package (EP) was released. Although the changes to the EP itself are minor, changes to its scope may make this update significant for vendors seeking accreditation. At first glance version 2.1 of the IPS EP is nearly identical to version 2.0 Read More…

  3. OPEN SSL HIGH SEVERITY VULNERABILITY DISCOVERED

    A high severity vulnerability was discovered in OpenSSL, as a result of which a patch was released on January 28 2016. The vulnerability exists in the cryptographic code library that lets the attacker decrypt the HTTPS communications. Diffie-Hellman key exchange has been a common means of exchanging cryptographic keys over the untrusted channels which further Read More…