When TLS Reads: Totally Lost Security
Recorded Live - Tuesday, November 15, 2016
Generously sponsored by CSS
Giving the Internet an Identity
Why isn't patching and updating successful in making us safe, even from known vulnerabilities in products for which fixes are available?
We've seen fixes for Java vulnerabilities made available on our smartphones, only to be told that our organization cannot support the fix without breaking a critical tool we depend on. We know that improved versions of SSL and TLS were available for many years before they became widely adopted by browser developers and web site administrators. Fears of backward-compatibility issues, and of disrupting millions of users, drive them to continue to offer vulnerable versions of these protocols and to ignore the dangers of relying on encryption and hash algorithms with known flaws.
So, what does this bode for the Internet of Things? Will we see millions and millions more vulnerable devices surrounding us that cannot be easily patched and managed securely?
Author of Microsoft Windows 7 Administrator's Reference, Jorge Orchilles holds a Master of Science in Management Information Systems from Florida International University. Jorge leads the Advanced Penetration Testing & Vulnerability Assessment Quality Control teams in a large financial institution and serves as Director of the ISSA South Florida Chapter.
Wayne Harris is a principal consultant for PKI Professional Services at Certified Security Solutions (CSS) and is responsible for client PKI design and enterprise architecture solutions, as well as directing the deployment and operations of client PKI services. Wayne manages the CSS PKI practice standards and develops the company’s comprehensive PKI services, including PKI readiness reviews, health checks, design and deployment, management software and managed services. Wayne has extensive experience implementing enterprise solutions using Active Directory, SMS, Exchange and SQL, and holds professional certifications in Microsoft Certified Systems Engineer and Microsoft Certified IP Professional. Wayne’s professional background includes four years with Microsoft Consulting Services implementing infrastructure solutions for enterprise clients. During this time, Wayne was instrumental in delivering one of the world’s largest Active Directory designs. Prior to that, Wayne worked as a network engineer with NASA. Wayne also served in the US Marine Corps, where he worked on voice radio cryptography.
Michael Wojcik is a Distinguished Engineer at Micro Focus International, focusing on security, communications, distributed systems, and mainframe emulation. As a member of the Micro Focus Security Council, he's helped create and run courses on software security, and writes an internal security-news blog. Michael has been studying and working with security and cryptography for more than two decades.