
Showing posts from October, 2011

SSL security checker

A nicely presented online tool from Qualys lets us check the security of SSL configurations used by public websites. SSL is not exactly the security panacea that is usually implied by online businesses. Depending on how it is configured, a server may negotiate and establish connections using older, weaker algorithms instead of the more recent, stronger, recommended ones. The Qualys tool connects and tries to persuade the tested site to fall back to one of the deprecated SSL algorithms, marking down the site's score if it succeeds. This is a simple illustration of the complexity of IT security management today, and the value of routine independent penetration testing of corporate websites.

Another 4,900,000 privacy breach statistics

A backup tape containing medical records and other personal information on nearly 5 million US military personnel in the TRICARE scheme has been stolen from an SAIC employee's car. TRICARE is a US "health care program serving Uniformed Service members, retirees and their families worldwide". SAIC (Science Applications International Corporation) is a "scientific, engineering, and technology applications company that uses its deep domain knowledge to solve problems of vital importance to the nation and the world, in national security, energy and the environment, critical infrastructure, and health. We do this with the constant and deliberate commitment to ethical performance and integrity that has marked SAIC since its founding". It is best known as an IT outsourcer/service provider. TRICARE's statement "retrieving the data on the tapes would require knowledge of and access to specific hardware and software and knowledge of the system an...