
[ISN] Developers say FIPS 140-2, WiFi security are big hurdles

Subject: [ISN] Developers say FIPS 140-2, WiFi security are big hurdles
Date: Wed, 26 Jan 2005 01:31:43 -0600 (CST)
http://www.gcn.com/vol1_no1/daily-updates/34902-1.html

By Susan M. Menke 
GCN Staff
01/25/05

Developers at a recent encryption conference in Toronto said their
toughest job is plugging security holes in their products to meet the
encryption requirements of Federal Information Processing Standard
140-2.

The conference, sponsored by elliptic-curve cryptography vendor
Certicom Corp. of Mississauga, Ont., drew 60 top systems integrators
and middleware vendors from around the world, who were subsequently
surveyed about their concerns.

"FIPS 140-2 compliance is difficult and time-consuming," Certicom's
Brendan Ziolo said. "A surprising number of implementations fail, and
the testing can take eight to 12 months." About 30 percent of new
crypto modules do not pass the FIPS 140-2 tests, designed by the
National Institute of Standards and Technology, he said, and about 20
percent of returning modules still have security flaws.

Another hurdle is wireless security. "A lot of middleware developers
are looking to extend their applications to wireless, but the Wired
Equivalent Privacy algorithm was broken very quickly, and no real
standard has replaced it," Ziolo said.

In the survey, developers ranked fast, efficient performance as the
top criterion for organizations trying to strengthen encryption
security. Other important concerns are quality of the chosen algorithm
and access to the source code, they said.

Sixty percent of the respondents said they use open-source and other
publicly available algorithms during product development; 40 percent
continue to use them in their production systems.


