PGP Corporation - CTO Corner

National Museum of Computing at Bletchley Park - Part 2

"We have been very happy to see all the press and support we've gotten for the National Museum of Computing at Bletchley Park. The need has not gone away, so please if you haven't gotten one of our great t-shirts, do so. If you don't wear t-shirts, please contribute a little to help save history. The donation is made via PayPal, so it can be any amount you choose."

National Museum of Computing at Bletchley Park

"Three years ago, I wrote a CTO corner about saving Colossus (http://www.pgp.com/insight/blogs/ctoblog/colossus.html), one of the world's first computers, which was built at and is still housed at Bletchley Park. In the last three years Colossus has been saved, but still needs more help."

On the 'Cold Boot' Attack on Computer Memory

"Last week, a research team that includes people from Princeton University and the EFF announced ways to read computer memory after a computer has been shut down. In this CTO Corner, I will discuss how it affects PGP software in specific, but my explanation applies to other software in general."

Smile When You Say That

"Part of my job as CSO is that I run security response at PGP Corporation. It's a fact of life that if you drive a car long enough, you're going to crump a fender. If you run a security company long enough, you're going to have something annoying happen. The mark of a good company is how you deal with issues, not the issues themselves."

Why You Need Enterprise Data Protection

"Cryptography is easy; itâ€™s the other things that are hard." Like many good aphorisms, it has a crunchy kernel of truth wrapped in a tasty counterintuitive thought."

New Factoring Record

"A team of people from EPFL (Ecole Polytechnique FÃ©dÃ©rale de Lausanne) in Switzerland, the University of Bonn, and NTT in Japan have factored a 1017-bit number"

Here a Key, There a Key, but Where's the Key Manager?

"The hardest problem in cryptography is key management. Every security problem in cryptography reduces to a key management problem"

The Evil of Scale

"A recurring question about modern cryptography is how easy it is for sophisticated attackers to break it. A perennial question, people have been asking it more often since the U.S. domestic spying scandal broke early this year."

How to Build Secure Software

"Building good software is the supreme challenge every company faces. There are many facets of building good software that range across the entirety of the software development process."

Hardware Encryption is Coming â€“ and Not a Moment Too Soon

"This development also ties into another recurring theme of mine: the need to mix security and reliability."

Balancing Security & Privacy

"In the world of cryptography in 2005, hash functions got most of the press"

Google Lives Up to its Motto

"As you might expect, I admire business people taking a moral stand. "

Insider Threats as "Fear du Jour"

"There is an irritating new trend starting to surface in security marketing."

Thinking about Threats and How to Manage Them

"If you, like most of us, enjoy making smart comments about security practices, someone inevitably replies with, "Yes, but what's the threat model?""

Action This Day: Your Colossal Help is Needed

"Colossus was arguably* the first computer ever built..."

Email Authentication

"Coming soon to your inbox: email authentication"

Automagical Encryption

"Creating Automagical Encryption with New PGP Products"

RFID Passports

"coming soon: passports to broadcast personal data"

OpenPGP flaw prompts quick fix

"Cryptographers Serge Mister and Robert Zuccherato from Entrust released a paper outlining an attack on the way OpenPGP does symmetric cryptography"

Google Desktop Search: The Good, the Bad, & the Ugly

"Those wonderful folks at Google have a knack for coming up with useful things that bring to light security situations that existed before, but we might not have been aware of, ignored, or just lived with..."

Much ado about hash functions

"At this year's Crypto conference (held at the University of California , Santa Barbara), there was a good deal of excitement about mathematical functions called hash functions."

Plug in or opt out?

"One of the fundamental changes the PGP Universal architecture brings to email security is the ability to work without plug-ins."

Now ISPs can read your email - legally

"The U.S. District Court in Boston recently ruled that just about anyone can read your email for just about any reason with impunity."