Name: Root Causes Episode 135: The Heartbleed Vulnerability
Start: 2021-08-02T17:46:00Z
End: 2021-08-02T17:46:24.000Z
Location: BrightTALK
Rating: 0

We are the world's largest commercial SSL Certificate Authority. Our webinars are specially designed to help you protect your online business, connected devices, applications, and digital identities.

With today’s encryption algorithms steadily marching toward the so-called Quantum Apocalypse, it has never been more important to prepare for Post Quantum Cryptography.
 
Join Jason Soroko and Tim Callan for the latest in Post Quantum Cryptography, what’s in the cards for 2023, and how you can prepare your business for quantum computing’s advances.

2023 – the Year to Be Quantum Ready

Join us to discover and avoid the most common PKI errors businesses make. We’ll shine a spotlight on typical certificate and deployment problems, systemic security problems, governance problems and visibility problems.

Sounds familiar? While these mistakes are easily made, we’re giving you handy hints and tips of how you can set up your business for PKI success. (Hint: Crypto-agility is one of the strategies!)

Don't Make These 21 PKI Mistakes

Passwordless is a hot topic, and rightly so, as shared-secret credentials represent not only a terrible user experience but also a major vulnerability in today’s modern infrastructure.  Unfortunately, many so-called “passwordless” solutions are anything but. 

In this presentation, Tim Callan and Jason Soroko will:
- Define what a true passwordless solution is, what isn’t and why the difference matters 
- Show you how to tell if an approach is truly passwordless or merely “less password” 
- Explain why Multi-Factor Authentication is merely a partial mitigator for the vulnerabilities inherent in shared-secret credentials 
- Spell out strategies for dealing with situations where true passwordless is difficult or impossible to implement in order to minimize your exposure

Is Your Passwordless Really Passwordless?

We need Trust, not "Zero Trust"! From Cybersecurity, Digital Identity, to the Metaverse; Digital Trust underpins it all. Zero Trust is a great concept, but it is only the first step in the journey to secure digital identities. 

In this session David Mahdi focuses on:
- The strategic notion of Zero Trust, and what it means in a world that needs Digital Trust. 
- The definition of Identity-First and Perimeter-Less Security, a Gartner Top Security trend, with Zero Trust network architecture in mind. 
- The importance of Identity-First Security and establishing Digital Trust for human and machine identities.

We’re So Done With Zero Trust! Why You Need to Focus on Digital Trust

The recent announcement of NIST’s third round selections for post-quantum encryption algorithms is a major milestone in the journey to quantum-safe computing systems. But while this announcement marks the end of one chapter, another is only beginning. Now standards bodies, hardware and software manufacturers, and ultimately businesses across the globe will have to implement new cryptography across all aspects of their computing systems. Until we have upgraded cryptography everywhere, our digital operations remain insecure. 

Join Sectigo's Chief Compliance Officer Tim Callan and CTO Jason Soroko to learn:
- Who the 4 NIST winners are and what their respective algorithms are for
- Why cryptoagility matters now more than ever before
- What practical steps your organization needs to take to prepare for quantum-resistant encryption

Preparing for Post-Quantum Security

Increasing cybersecurity concerns require enhanced control over administration, and certificate-based SSH delivers substantial improvements to the SSH community. In this webinar, Tim and Jason discuss how certificate lifecycle management for SSH offers organizations significant cost-savings along with increased fine-grained controls over IT server administration.

Certificate Lifecycle Management for SSH

Talking about cybersecurity tends to be all doom and gloom, but it shouldn't be. There is a lot to be positive about. In this webinar, Tim Callan and Jason Soroko discuss five positive security trends that we'd like to see continue into 2022, and more specifically how security technologies are moving from endpoints to core enterprise security.

5 Positive Security Trends for 2022

A VPN is not a security tool! It's in the name. This is just one of the many security misconceptions that people still continue to believe in 2022. There is a lot of misinformation surrounding information security and it only makes our jobs harder when protecting sensitive data. In this webinar, Sectigo’s Jason Soroko and Greg Mooney discuss the top security fallacies and some tips on ways to avoid them.

15 Security Fallacies We Still Commit in 2022

The volume of certificates used to secure human and machine identities is growing exponentially. Businesses face new management challenges that can't be solved with legacy CA models or outdated on-premises solutions. Sectigo solves this challenge by introducing a new universal platform to automate the lifecycle management for all certificates issued by Sectigo and other public and private CAs used across the enterprise. It's modern PKI for the modern enterprise. Join Tim Callan and Jason Soroko as they unveil the new CA agnostic capabilities in Certificate Manager, Sectigo's flagship certificate management platform.

CA Agnostic Certificate Lifecycle Management for the Modern Enterprise

Certificate Lifecycle Management (CLM) platforms can deal with certificates from a number of sources. A CLM that can provision certificates of all types from all CAs, private and public, would be described as "CA agnostic." In this episode we explain this idea and its significance along with the key criteria for choosing a CA agnostic CLM platform.

Root Causes Episode 189: What is CA Agnostic

Malware and other web site attacks are a frequent problem for small businesses and can result in reputational damage and site access being blocked or hindered by end user software and services. We are joined by web site protection expert JP Armenta, who explains how these attacks occur, their effects, and how site operators can protect themselves.

Root Causes 188: Introduction to Web Security

Apple recently announced that it would be limiting the allowable term for public S/MIME certificates to 825 days. Our hosts explain the implications of this declaration.

Root Causes Episode 187: Apple Limits Term for SMIME Certificates

In this episode our hosts explain how an esoteric digital signature error rendered a 3 billion Euro manufacturing contract with the Austrian government invalid.

Root Causes Episode 186: Digital Signature SNAFU Costs Swiss Company Billions

The root certificates of the EU's Covid Passport program have suffered a private key compromise and counterfeit passports are now for sale on the black market. We explain the implications of this shocking revelation.

Root Causes Episode 185: EU Covid Passport Root Key Stolen

Recent cyber threats like the PetitPotam relay attack on Microsoft, the SolarWinds supply chain compromise, and countless others have put a bright spotlight on the age-old debate: Is the cloud as secure as an on-premise infrastructure? As enterprises are targeted with increasingly sophisticated on-premise breaches – despite firewalls and other roadblocks – it is clear data center proximity does not equal impenetrable protection. Tim Callan and Jason Soroko explain the benefits of a cloud-based approach to security and why certificate-based authentication between all systems is critical to securing enterprises today and tomorrow.

Cloud or On-Premise: Updating Assumptions on Secure Certificate Management

Recent research reveals that certificate misconfiguration in a commonly used college WiFi platform that can lead to exposure and theft of users' login credentials. Our hosts discuss WiFi authentication and the EAP protocol and explain how this vulnerability occurs.

Root Causes Episode 184: Popular College Wifi Vulnerability Revealed

At this year's BlackHat, a talk and white paper detailed the threat of MSCA root key attacks, which can be used to create unauthorized certificates. This release includes a pair of offensive toolkits and a defensive toolkit. We explain the importance of this release and provide a clear action list for IT professionals in charge of Microsoft CA.

Root Causes 183: New MSCA Attack Toolkits

Let's Encrypt's recent root expiration caused widespread service outages and other hassles for online services and sites. Our hosts discuss this expiration, why so many problems resulted, and the recipe for avoiding these problems in the future.

Root Causes Episode 182: Let's Encrypt Root Expiration

In April 2014 a software vulnerability called Heartbleed was discovered in OpenSSL. Heartbleed made it possible for attackers to send commands to web servers and steal their private keys. Certificate subscribers around the world had to scramble to patch their servers and replace certificates by the millions. Guest Nick France joins us to explain this vulnerability, its consequences, and whether or not a Heartbleed-like vulnerability could occur today.

Root Causes Episode 135: The Heartbleed Vulnerability

Heartbleed

Cyber Security

Identity Management

Digital Identity

Public Private

Key Management

Cyber Attacks

Vulnerabilities

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Root Causes Episode 135: The Heartbleed Vulnerability

Presented by

About this talk

More from this channel