atsec Official Blog
(2020-05-11 15:30)
Tags:

password protection

password

md5

The Rise
MD5 (message digest version 5) was developed in 1991 and is still very popular today, with a wide range of commercial and government applications. MD5 is used to generate hash values of passwords stored on a system as opposed to storing the passwords in plain text. This password protection method was used by many popular commercial websites such as LinkedIn, eHarmony, and LastFM. In addition, many government agencies originally adopted MD5 for official use.

 

How it Works
If you take a large set of numbers and apply mathematical operations to it to reduce the large set to a much smaller value, those operations are collectively called a hashing function. In computer science specifically, a hash function is any function that can be used to map data of arbitrary size to fixed-size values. The values returned by a hash function are called hash values, hash codes, digests, or simply hashes.

 

A


2020-04-10


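atsec China has been authorized by the Payment Card Industry Security Standards Council (PCI SSC) as an assessor for the Secure Software Lifecycle (SLC) and as an assessor for Secure Software under the PCI Software Security Framework (SSF). atsec China can therefore perform assessments of software lifecycles as well as validation of vendors' payment software.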

 


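PCI SSF is a set of standards and programs for the secure design and development of payment software. The security of payment software is an important part of the payment transaction flow and is key to reliable, accurate payment transactions. SSF supports a broader range of payment software types, technologies and development methodologies, and replaces the Payment Application Data Security Standard (PA-DSS) with a modern way of describing requirements. SSF uses outcome-focused requirements, giving developers more flexibility so that payment application security and flexible development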

Tags:

dpa

atsec

Wednesday, April 1, 2020

According to sources in the DPA (Data Protection Agency) new guidelines will be issued soon that will make digital trash separation mandatory. Every year an estimated 240 zettabytes of re-usable bits are thrown into desktop trash cans.

 

The new guidelines require operating system manufacturers to implement a recycling bin next to the trash can on the desktop. On Linux systems the addition of /dev/green to the existing /dev/null is being discussed.

 

The collected data will be re-used in the production of cat videos and make-up tutorials and is hailed as an important step forward.

 

Ryan Hill, Quality Manager at atsec commented: “

Tags:

atsec

by Richard Fant 

Meltdown Attack:  2 years later

In February 2017, independent security researchers discovered a catastrophic security flaw in the cache design for processors developed by Intel Corporation. After embargoing the information for almost a year while working on a fix, Intel publicly announced in January 2018 the security flaw known as the Meltdown Attack.

 

At a high level, the Meltdown Attack allows a user application to read data stored inside kernel level memory. In other words, it “melted down” the security boundary between the user and the kernel.

 

 

Tags:

atsec

Happy International Women's Day to all our wonderful atsec colleagues in Europe, US and Asia.




by Andreas Fabis

When we talk to our customers about FIPS 140-2 testing some questions regarding certificate maintenance frequently come up:

• “What happens to my certificate if I make changes to my module?”
• “Do I have to re-certify every single time I make a small change?”
• “What if we want to patch a vulnerability?”

There are many factors that can lead to module or platform changes: technical, business and marketing, to name a few. Navigating the rules and options of FIPS 140-2 re-certification can be challenging, and currently there are additional factors and deadlines to consider:

• The switch from FIPS 140-2 to FIPS 140-3 (mandatory after September 22nd 2021)
• Th

Tags:

eidas

EU

atsec

atsec is happy to announce that we are now a licensed Conformity Assessment Body (CAB) under Electronic Identification, Authentication and Trust Services (eIDAS). eIDAS is an EU regulation on electronic identification and trust services for electronic transactions that applies as law within the whole of the EU.

 

Trust services include electronic signatures, electronic seals, time stamps, electronic delivery services and website authentication. Together with eID, these elements are essential for the establishment of legal certainty, trust and security in electronic transactions.



The eIDAS regulation also sets out what trust service providers need to do in order to gain qualified

Tags:

atsec

by Andreas Fabis


During my almost 20 years with the company (first as a freelancer, then as an employee) I have seen atsec grow from a small, determined group of IT professionals in a crammed room full of computers into an international company with a well-earned, excellent reputation in the IT security world.

 

Growing from the first baby steps to corporate adulthood comes with challenges, set-backs and opportunities to learn. I would like to share the personal lessons that have stuck with me during my time with atsec.

 

Tags:

atsec

Christmas

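To all of our esteemed customers, colleagues, friends and family: we wish you happy holidays and a safe and healthy new year.

We look forward to working with you further in the coming year.

Best wishes,
the atsec team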


Holiday Greetings from atsec!

To all of our valued customers, colleagues, friends and family we wish Happy Holidays and a Safe and Secure New Year.

We are looking forward to working with you in the coming year.

Regards,
your atsec team

 

Watch the video:

https://video.h5.weibo.cn/1034:4453441234468884/4453441693022069

 


by Zhang Zhipeng (张志鹏), atsec
The Evolution of the PIN Security Standard


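The explosive growth of electronic payment transactions has led to a steady increase in cybercrime, and cases of credit card fraud in particular are rising year by year. Protecting confidential data in online and offline transactions (for example the PIN, or personal identification number, and the keys used to protect the PIN) has therefore become more important than ever.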


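As sensitive authentication data for a transaction, the PIN is often used in high-risk scenarios such as large-value payments and offline transactions, so protecting it matters all the more for payment security. This article introduces the security standard for protecting PIN data and the related key data: the PCI PIN Security Requirements and Testing Procedures. The standard contains a complete set of requirements for the secure management, processing and transmission of personal identification number (PIN) data when online or offline transactions are processed at ATMs and at attended and unattended point-of-sale (POS) terminals.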


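The initial version of this security requirements standard, v1.0, was published by the Payment Card Industry (PCI) Security Standards Council (SSC) back in October 2011; v2.0 was published in December 2014 and v3.0 in August 2018. Before January 2019, the qualification of PIN security assessment companies was maintained by the individual card brands themselves and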
