Description
Encryption

Overview
Encryption is a form of cryptography used to encode a message so that its meaning is concealed. The message is transformed from plain text to ciphertext using a mathematical formula (i.e., an algorithm). Authorized individuals or systems can then read the message by transforming the ciphertext back into the original plain text (i.e., decryption). The primary objectives of encryption are to ensure Confidentiality, Data Integrity, Authentication and Non-repudiation (i.e., proof of who sent the message and that the message has not been falsified or altered).

Guidelines
Today's cryptographic systems generally use three types of cryptographic algorithms: Symmetric, Asymmetric and Hash.
  • Symmetric ("secret key" or "private key"): a single key is used for both encryption and decryption and is a shared secret between sender and receiver. Examples include:
    • AES (Advanced Encryption Standard) with key lengths of 128, 192 and 256 and maximum key life of 2, 3, and 7 years respectively
    • TDES (Triple Data Encryption Standard) with key lengths of 64 for each key pair and maximum key life of 3 years
  • Asymmetric ("public key encryption"): uses a public/private key pair and is slower than symmetric encryption. It relies on a trusted channel in which public keys are widely distributed within digital certificates. Examples of asymmetric encryption algorithms include:
    • RSA (Rivest, Shamir, Adleman) with key lengths of 2048 and maximum key life of 4 years
    • ECC (Elliptic Curve Cryptography) with key lengths of 192, 256, 384, and 512 and maximum key life of 2, 3, 5 and 7 years respectively.
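One way to apply the key lengths and maximum key lives listed above to a key inventory (an added example, not part of the original page). The KeyRecord type, the function names, the inventory entries and the audit date are constructed for illustration; only the algorithm, length and key-life values come from the list above.

```python
from dataclasses import dataclass
from datetime import date

# Approved key lengths and maximum key life in years, copied from the
# guideline list above: {algorithm: {key_length: max_life_years}}.
POLICY = {
    "AES": {128: 2, 192: 3, 256: 7},
    "TDES": {64: 3},  # 64 for each key, as the guideline lists it
    "RSA": {2048: 4},
    "ECC": {192: 2, 256: 3, 384: 5, 512: 7},
}


@dataclass(frozen=True)
class KeyRecord:
    """One row of a key inventory (hypothetical schema)."""
    key_id: str
    algorithm: str
    length: int
    created: date


def add_years(d, years):
    """Add whole years to a date; 29 February maps to 28 February."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def audit_key(key, today, warn_days=90):
    """Return (status, detail) for one key against POLICY."""
    lengths = POLICY.get(key.algorithm.upper())
    if lengths is None:
        return ("UNAPPROVED_ALGORITHM", f"{key.algorithm} is not in the guideline")
    max_life = lengths.get(key.length)
    if max_life is None:
        allowed = ", ".join(str(n) for n in sorted(lengths))
        return ("UNAPPROVED_LENGTH", f"{key.algorithm} allows {allowed}")
    if key.created > today:
        return ("INVALID_DATE", "creation date is in the future")
    expires = add_years(key.created, max_life)
    remaining = (expires - today).days
    if remaining < 0:
        return ("EXPIRED", f"key life ended {expires.isoformat()}")
    if remaining <= warn_days:
        return ("ROTATE_SOON", f"{remaining} days left, ends {expires.isoformat()}")
    return ("OK", f"valid until {expires.isoformat()}")


def audit_inventory(keys, today):
    """Map key_id -> status for every key in the inventory."""
    return {k.key_id: audit_key(k, today)[0] for k in keys}


# Constructed sample data, not real keys.
AUDIT_DATE = date(2018, 1, 15)
SAMPLE_INVENTORY = [
    KeyRecord("db-tde-01", "AES", 256, date(2012, 3, 1)),
    KeyRecord("backup-aes128", "AES", 128, date(2015, 6, 1)),
    KeyRecord("web-rsa", "RSA", 2048, date(2014, 3, 1)),
    KeyRecord("legacy-rsa", "RSA", 1024, date(2016, 1, 1)),
    KeyRecord("vpn-rc4", "RC4", 128, date(2017, 1, 1)),
    KeyRecord("sign-ecc", "ECC", 256, date(2016, 2, 29)),
]

if __name__ == "__main__":
    for record in SAMPLE_INVENTORY:
        status, detail = audit_key(record, AUDIT_DATE)
        print(f"{record.key_id:15} {status:22} {detail}")
```
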
Although not considered 'encryption', hashing is another form of cryptography generally used for protecting passwords and to ensure file or message integrity. Hashing is the process of converting input data (e.g., a file or plain text that is called the "message") into a hash value also called the "message digest." The message is converted "one way" into an alphanumeric value via a cryptographic hashing function and cannot be inverted. Examples of recommended algorithms include the Secure Hash Algorithm (SHA-2 family) with Digest Length of 224, 256, 384 and 512 bits and lifetime of 3 years (for re-evaluation of digest size). 

NIST also published, on August 5, 2015, the Federal Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, and also made a revision to the Applicability Clause of Federal Information Processing Standard (FIPS) 180-4, Secure Hash Standard.

Sensitive information should be encrypted in the following scenarios to ensure Confidentiality, Data Integrity, Authentication and Non-repudiation of information:
  • Data at rest: sensitive data stored in files, databases and applications
  • Data in transit: sensitive data that is transmitted across the network (internally or over the internet) or outside of the network or organization (such as removable media).
Secure protocols should always be used when transmitting sensitive data. Methods of securing data transmission that use recommended encryption algorithms include, but are not limited to:
  • Digital Signature Standard (DSS)
  • Transport Layer Security (TLS) version 1.1, 1.2 or higher (used in session-level encryption management, e-mail transmission and mobile devices)
  • Secure Shell (SSH) - to also include the following file transfer protocols:
    • Secure copy (SCP)
    • SSH File Transfer Protocol (SFTP), a more secure alternative to FTP
Note: Secure Sockets Layer (SSL) version 2 and 3 must be disabled. 
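
A check for the protocol rule above, applied to a web server configuration (an added example, not part of the original page). It assumes nginx, whose ssl_protocols directive lists the enabled versions; the sample configuration and host names are constructed, and a token such as TLSv1 that the guideline does not list is reported as not approved.

```python
import re

# From the guideline: "TLS version 1.1, 1.2 or higher" is acceptable,
# SSL version 2 and 3 must be disabled.
APPROVED = {"TLSv1.1", "TLSv1.2", "TLSv1.3"}
FORBIDDEN = {"SSLv2", "SSLv3"}

DIRECTIVE = re.compile(r"\s*ssl_protocols\s+([^;]+);")

# Constructed sample nginx configuration (assumption: nginx is the server).
SAMPLE_CONFIG = """\
server {
    listen 443 ssl;
    server_name legacy.example.test;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}
server {
    listen 443 ssl;
    server_name app.example.test;
    # ssl_protocols SSLv2;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""


def audit_ssl_protocols(config_text):
    """Return a list of (line_number, token, reason) findings.

    A configuration without any ssl_protocols directive gets one
    finding with line number 0, because the enabled versions then
    depend on the server build's default.
    """
    findings = []
    seen_directive = False
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # drop comments before matching
        match = DIRECTIVE.match(line)
        if not match:
            continue
        seen_directive = True
        for token in match.group(1).split():
            if token in FORBIDDEN:
                findings.append((lineno, token, "forbidden"))
            elif token not in APPROVED:
                findings.append((lineno, token, "not approved"))
    if not seen_directive:
        findings.append((0, "", "ssl_protocols not set"))
    return findings


if __name__ == "__main__":
    for lineno, token, reason in audit_ssl_protocols(SAMPLE_CONFIG):
        print(f"line {lineno}: {token or '-'}: {reason}")
```
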
 

Topic Category
Cryptography
 
Policies
Encryption Policy
Standards
  • FIPS PUB 140-2, Security Requirements for Cryptographic Modules (FIPS, 11/15/2001)
  • FIPS 180-4 Secure Hash Standard (SHS) (FIPS, 8/5/2015)
  • FIPS 186-4 Digital Signature Standard (DSS) (FIPS, 7/23/2013)
  • FIPS 197 Advanced Encryption Standard (FIPS, 11/1/2001)
  • FIPS 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions (FIPS, 8/5/2015)
  • NIST Guideline for Implementing Cryptography in the Federal Government (NIST, 12/1/2005)
  • NIST Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations (NIST, 4/27/2014)
  • NIST SP 800-56A r2 Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography (NIST, 6/12/2013)
  • NIST SP 800-67 Rev. 1 Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher (NIST, 1/1/2012)
  • DRAFT NIST SP 800-67 Rev. 2 Recommendation Revision 2 for the Triple Data Encryption Algorithm (TDEA) Block Cipher (NIST, 7/11/2017)
  • NIST SP 800-78-4, Cryptographic Algorithms and Key Sizes for Personal Identity Verification (NIST, 6/1/2015)
  • NIST Randomized Hashing for Digital Signatures (NIST, 2/1/2009)
  • NIST SP 800-107 Revision 1 Recommendation for Applications Using Approved Hash Algorithms (NIST, 8/24/2012)
  • NIST Guide to Storage Encryption Technologies for End User Devices (NIST, 11/1/2007)
  • NIST Recommendation for Cryptographic Key Generation (NIST, 11/16/2012)