Encryption algorithms can be intimidating to approach, what with all the math involved. However, once you start digging into them, you can break the math apart into smaller steps, and get a feel for what goes into encryption being the modern-day magic we take for granted. Today, [Henry Schmale] writes to us about his small contribution to making cryptography easier to understand – lifting the veil on the RSA asymmetric encryption technique through an RSA calculator.
With [Henry]’s calculator, you can only encrypt and decrypt a single integer, but you’re able to view each individual step of an RSA calculation as you do so. If you want to understand what makes RSA and other similar algorithms tick, this site is an excellent starting point. Now, this is not something you should use when you roll your crypto implementations – as cryptographers say in unison, writing your own crypto from scratch is extremely inadvisable. [Henry] does say that this calculator could be useful for CTF players, for instance, but it’s also undeniably an accessible learning tool for any hacker out there wishing to understand what goes on under the wraps of the libraries we use.
In the modern day, cryptography is instrumental to protecting our freedoms, and it’s a joy to see people work towards explaining the algorithms used. The cryptography tools we use day-to-day are also highly valuable targets for governments and intelligence agencies, willing to go to great lengths to subvert our communication security – so it’s even more important that we get acquainted with the tools that protect us. After all, it only takes a piece of paper to encrypt your communications with someone.
Getting Weird At RSA 2013: 10 Scenes That Made People Look Twice
Let's face it: Security vendors are getting weird when it comes to marketing their wares, and this year at RSA was no exception. CRN walked the show floor and found 10 scenes that were truly strange.
Apple Vs. Android: Which Smartphone Platform Is Safer?
Five top security researchers reveal their picks for the smartphone platform they believe is the most secure.
20 Examples Of Wacky, Over The Top RSA Signage
The RSA security conference is a chance for security vendors' marketing teams to go hog-wild, and at this year's show, they did just that. Big data security is fast emerging as the buzzword du jour.
FBI Director Pushes Public-Private Collaboration To Fight Cyberthreats
Government and private industry must work together to combat cyberthreats, FBI director tells RSA Conference attendees.
Verizon 2013 Data Breach Report Will Delve Deeper
Verizon's 2013 Data Breach Investigations Report, which has been the go-to document for a wealth of attack data, has been tilted toward financially motivated cybercrime. A dozen new sources will increase its visibility into targeted attacks and intellectual property theft.
RSA Panel: Thieves Thrive On Stolen Medical Data
A panel of security experts at the RSA Conference reveal that on the black market, the value of medical identification information is 10 to 15 times greater than financial information.
Big Data Could Bolster Security Models, But It's Early, says RSA Chairman
Big data security analytics will help organizations keep pace with adversaries and in many instances get ahead of them, but no security model is a panacea, said RSA executive chairman Art Coviello in a keynote kicking off the 2013 RSA Conference.
Presidential Cybersecurity Order: Channel Impact Depends On Implementation
President Obama's cybersecurity executive order could force a limited number of businesses to make improvements to their security postures, but the vast majority of any security best practices will be voluntary, say several former and current government officials at the 2013 RSA Conference.
DHS Cybersecurity Official Says Industry Falling Behind Attackers
Speaking at the Cloud Security Alliance Summit at RSA Conference 2013, DHS' Mark Weatherford said the security industry needs to stop relying on outdated technologies and create new ways to address system vulnerabilities, threat detection and authentication.
8 Must-See Security Sessions To Attend At RSA Conference 2013
From third-party data breaches to offensive security and dangerous attack techniques, here's a rundown of a handful of RSA Conference sessions that will pique your interest.
Security Pros Say Lack Of Skilled Workers Is The Biggest Threat
An (ISC)2 survey of more than 12,000 information security professionals finds that most of them are under pressure to hire skilled talent in the wake of growing concern over hacktivism and targeted attacks.
5 Most Dangerous New Hacking Techniques
From scrubbing memory of data to leaving a phony trail in malware code, some attackers are upping the ante when it comes to hacking into systems and stealing corporate data or controlling processes, say security experts who outlined the threat trends at the 2013 RSA Conference.
CERT: Insider Threats Can Have Costly Security Consequences
CERT details how malicious insiders have sabotaged computer networks, stolen confidential corporate information and installed malware.
Misconfigured Security Appliances, Basic Missteps Central To Data Breaches: Experts
Some companies are ripping out appliances because complexity and a host of poorly configured devices are contributing to the data breach epidemic, say a group of security experts.
Sophos' New Channel Chief: Partnerships Are A Two-Way Street
In an interview with CRN less than one day into his new role, Mike Valentine says he will bring his own philosophy to Sophos' channel organization while he seeks to reignite business with North American VARs.
Google, Facebook Duke It Out With Microsoft Over Online Privacy
Google and Facebook feel they've been unfairly maligned in the online privacy debate, while Microsoft and Mozilla are using Do Not Track to protect users. At RSA, the two sides met face-to-face.
Security Expert: Trusting Service Providers With Security Is Dangerous
Bruce Schneier, CTO at BT Managed Security Solutions and an all-around security superstar, compares the current state of online services to the age of feudalism -- and guess who the serfs are?
Microsoft: It's Not All Doom And Gloom In Cybersecurity
Despite ongoing challenges in the security industry, Microsoft's Scott Charney cites reasons for optimism.
8 Cool Network Security Products At RSA 2013
Network security appliance vendors are adding new features that could provide better protection from targeted attacks, sophisticated malware and zero-day exploits.
10 Innovative Security Startups To Watch
Fledgling security vendors vie for the title of most innovative company at RSA Conference 2013 as part of the event's Innovation Sandbox program.
RSA Conference: Big Data, BYOD Join Other Hot Security Topics
The security industry's largest conference will focus on security fundamentals and risk-based decisions. But, mobile security and big data analytics will take center stage at RSA as well.
Mobile messaging service provider Clickatell has partnered with RSA, the security division of EMC, to deliver a mobile authentication service using SMS text messaging.
The technology partnership comes as security needs evolve rapidly. The service is intended to meet customers' growing demand for a flexible, scalable and intuitive authentication system that allows for remote access.
"Today people are more and more likely to leave their wallet at home than leave their cell phone," said Chuck Drake, executive vice president of Clickatell, Redwood City, CA. "With so many employees working remotely, letting them access the applications and company sites they need via mobile only makes sense."
RSA is an enterprise security company with 17,000 companies that use its authentication service to let employees access company applications and sites.
SMS is the ideal form of communication to help enterprises and government agencies provide one-time passwords to mobile employees, contractors and partners. Texts are timely and direct messages received and sent in seconds.
Additionally, the ubiquity of mobile phones makes them a reliable and convenient method of reaching the intended party. But security is an issue, which RSA addresses. For example, RSA SecurID one-time passwords expire after a brief time.
As a result of Clickatell's collaboration with RSA, users who don't typically carry an RSA SecurID two-factor authentication token can now receive an RSA-generated one-time password via text message directly to their phone.
This allows for immediate and secure access to the corporate network without requiring physical tokens to be assigned or software to be installed.
In addition, this technology partnership provides enterprises with a business continuity option that is designed to enable broad-based secure remote access to corporate resources even during a business crisis.
Two-factor authentication combines something the user knows with something he or she has, providing a more reliable and secure level of user identity assurance than static and reusable passwords.
Having started out almost 10 years ago, Clickatell has 8,300 enterprise customers in the United States and worldwide across many industries including banking, healthcare, government services and insurance.
"It is important to understand the role that RSA plays in the security industry," Mr. Drake said.
"Allowing their customers to authenticate via their mobile devices is huge," he said. "It is basically one of the key highlights of the year. It's the next version of authentication managing and allowing mobile authentication."
12 Hot Cybersecurity Startups You Need To Know About At RSA 2020
CRN asks a number of security CEOs, channel chiefs and technical leaders attending RSA 2020 which cybersecurity startups they believe are best defending emerging technologies or simplifying long-standing protection issues.
RSA 2020: 10 Ways MSPs Can Improve Ransomware Protection
CRN asks security CEOs, channel chiefs and technical leaders attending RSA 2020 what tools, technologies and strategies MSPs can use to protect themselves from ransomware attacks.
The 30 Hottest New Cybersecurity Tools Announced At RSA Conference 2020
From behavior profiling of IoT devices to container-based isolation for key applications to eliminating spoofing links in emails, here's a look at 30 key cybersecurity tools unveiled at the RSA Conference this year.
25 Hot Risk, Operations And Threat Intelligence Platforms At RSA 2020
Here's a look at 25 risk, operations and threat intelligence platforms released at RSA 2020 that help customers simulate realistic attacks and exploits, detect unknown threats and policy violations, and triage security incidents faster.
13 Hot Endpoint And Network Security Tools At RSA Conference 2020
Here's a look at 13 products released around RSA Conference 2020 that boost security by illuminating network blind spots, blocking connections to known malicious IPs, and derailing attackers with decoy endpoints.
The 12 Hottest Identity And Data Protection Tools Unveiled At RSA 2020
Here's a look at 12 new identity and data protection products at RSA 2020 that make it easier to isolate sensitive data, prevent credit card fraud, securely onboard remote workers and validate users with their unique typing patterns.
The 10 Hottest Security Trends To Watch At RSA Conference 2020
As RSA Conference 2020 kicks off amid three high-profile coronavirus-related vendor cancellations, CRN speaks with eight prominent executives to see what security trends they expect to be the talk of this year's event.
Recognizing and developing Purdue’s best teachers
The Teaching Academy at Purdue strives to bring together the best teaching faculty and graduate students across campus to create a collective voice for teaching excellence. Members are nominated and selected by their peers.
In partnership with the Office of the Provost and the Center for Instructional Excellence, the Teaching Academy sponsors a variety of programs and activities fostering educational creativity, innovation, and effectiveness both in- and outside the classroom. Additionally, the Teaching Academy supports and encourages teaching faculty and graduate students to apply for teaching awards honoring and recognizing excellence in teaching.
Membership in the Teaching Academy recognizes outstanding and scholarly teaching in the graduate, undergraduate, or engagement programs of Purdue University.
RSA recently conducted its inaugural ID IQ Quiz, aiming to assess the knowledge and awareness of cybersecurity and identity and access management (IAM) professionals. The “2023 RSA ID IQ Report” from RSA shares the survey's results and sheds light on various aspects of identity security, including the prevalent knowledge gaps and the role of artificial intelligence (AI) in enhancing protection.
A press release from RSA announcing the report highlights some of the key findings from the survey:
I have reviewed the report myself, and I spent some time with RSA CEO Rohit Ghai to dive into the insights and talk about some of the things that seem concerning or promising from the survey results.
With a sample size of over 2,350 respondents from more than 90 countries, the survey provides a comprehensive look at identity security around the world. Rohit Ghai, CEO of RSA, noted, “We got much more than expected participation around a global set of audience that actually engaged with the survey. That was very, very promising to us. That means identity is a top of mind issue globally.”
The report identifies substantial gaps in respondents' knowledge concerning vital identity vulnerabilities, best practices for securing identity, and strategies for developing stronger identity security. Alarmingly, 63% of the participants could not accurately identify the identity components necessary to move organizations towards a zero-trust approach.
Similarly, 64% of respondents failed to select the best practice technologies for reducing phishing attacks effectively. The survey found that many self-described IAM certified have a concerning lack of understanding of identity security. Nearly two-thirds could not accurately select the best practices to reduce phishing, and more than 40% underestimated the frequency that users recycle old passwords.
These knowledge gaps provide cybercriminals with opportunities to exploit organizations. Users' lack of comprehensive understanding regarding identity's cybersecurity role and risks makes them susceptible
Jim Taylor, the Chief Product Officer of RSA, emphasized that the increasing number of users, devices, entitlements, and environments is overwhelming IAM specialists, making it challenging for them to keep up with evolving threats. To stay secure and compliant, organizations must invest in unified identity solutions and integrate AI to help their personnel cope with the rapid pace of change.
By incorporating AI capabilities, organizations can better detect suspicious access attempts, identify irregularities in access entitlements, and recognize vulnerabilities on mobile devices. The survey revealed that a significant 91% of respondents believe in AI's potential to improve identity security, highlighting the widespread recognition of AI's benefits in enhancing protection.
It seems undeniable that AI will play a significant role in virtually every aspect of technology and security, but that doesn’t mean that AI alone is the solution. Rohit and I discussed the power and importance of AI combined with human insight and experience. AI is invaluable for processing the sheer volume and complexity of identity requests, and augments identity professionals to enable better identity security.
The report indicates that respondents trust technological innovations for their security and privacy. Nearly two-thirds (64%) of the participants place more trust in technical tools like computers or password managers than in their partner, closest friend, or financial advisor when it comes to safeguarding their information.
Furthermore, respondents exhibited strong confidence in AI's capabilities to enhance identity security. This reflects the growing acceptance of AI as a potent tool in the fight against cyber threats.
According to the report, unmanaged devices pose a significant risk of identity compromise. An overwhelming 72% of all respondents believed that people frequently use personal devices to access professional resources. Additionally, 97% of cybersecurity experts noted that users tend to open more emails on their phones than on desktops, making it more difficult to scrutinize potentially malicious content. The use of personal devices to access professional resources and the lack of similar security capabilities in unmanaged devices create a perfect storm of risks.
The RSA press release points out, “These responses align with Zimperium’s 2023 Global Mobile Threat Report, which found that the average user is 6-10 times more likely to fall for an SMS phishing attack than an email-based attachment.”
The survey revealed that nearly three-quarters of all respondents either didn't know or significantly undervalued the cost of a password reset, with almost half of self-described IAM experts unaware of the true cost. As password resets can cost upwards of $70 each, they contribute significantly to IT help desk expenses. The lack of accurate pricing awareness could lead to uncontrollable costs, highlighting the importance of employing a unified identity solution for authentication and access.
Moreover, inadequate identity governance and administration have a detrimental effect on organizational productivity. Nearly one-third (30%) of all respondents reported being prevented from accessing the systems needed for their work at least once a week. Such hindrances can hamper efficiency and hinder progress.
Rohit and I talked about the changing dynamics of identity security. “I think there is another very important issue there, which is that these identity professionals have thought of their jobs differently in the past,” he explained. “They thought of their jobs as enabling access.”
Rohit emphasized that the motives have shifted. The goal was initially to avoid helpdesk calls and ensure users had easy access to resources—but that is a very different objective and only a very small facet of what should define an identity professional today. That is more of a network admin or IT perspective, but it doesn’t address the security needs for identity today.
“I think that needs to change in the new world that is coming. Identity people need to be security people first, and network and access and the other skills that are important I believe will need to take a sort of secondary role going forward,” shared Rohit.
The 2023 RSA ID IQ Report paints a vivid picture of the current state of identity security knowledge, highlighting significant gaps that cybercriminals can exploit. The survey underscores the need for organizations to invest in unified identity solutions and integrate AI to enhance their security measures effectively. By addressing these vulnerabilities and embracing advanced technologies, businesses can fortify their defenses against identity breaches and protect sensitive information in an increasingly digital world.
A biology professor filed a religious discrimination charge with the U.S. Equal Employment Opportunity Commission (EEOC) Monday against a Texas community college after administrators allegedly fired him for teaching students sex was determined by X and Y chromosomes.
St. Philip's College in San Antonio, Texas allegedly fired biology professor Dr. Johnson Varkey in January for teaching his students that sex was determined by X and Y chromosomes and that reproduction must occur between a male and a female to continue the human species. Despite the fact that Varkey taught from school-approved and science-based curriculum, St. Philip's College claims his teaching was religious.
Dr. Varkey is a devout Christian, but claims he never discussed his personal beliefs with students. (Courtesy of First Liberty Institute)
"I also explained that when a sperm (which has 23 chromosomes) joins with an egg (which also has 23 chromosomes), a zygote (which has 46 chromosomes) is formed, and it begins to divide, and after 38 weeks a baby is born," Varkey wrote in the charge to the EEOC. "Because no information is added or deleted in those 38 weeks, life starts when the zygote begins to divide, not when the baby is born."
The college failed to respond to a demand letter sent by the professor's lawyers asking he be reinstated for what they believe to be wrongful termination, according to a copy of the charge obtained by Fox News Digital.
In his notice of termination letter, St. Philip’s College said the complaint against him contained several reports of "religious preaching, discriminatory comments about homosexuals and transgender individuals, anti-abortion rhetoric, and misogynistic banter." The college claimed he violated "the highest standards of academic honesty and integrity," but provided no explanation or reasoning for its accusation.
First Liberty Institute (FLI), a law firm that defends the religious liberty of Americans, sent a letter to the community college on behalf of Dr. Varkey in June, asking that he be reinstated in his role and that St. Philip's College admit his termination "was not for cause but in fact violated federal and state law."
Dr. Varkey had been teaching his students that sex was determined by X and Y chromosomes for 20 years. (BSIP/UIG Via Getty Images)
FLI said the college is participating in unlawful religious discrimination in employment under the First Amendment and Title VII of the Civil Rights Act of 1964, arguing Varkey "believes that he is obligated as a Christian and as a professor to teach accurate, true concepts that comport with his many years of research and study in the field of human biology."
Varkey's lawyers argue his teachings are supported by his education and experience in the field of biology, as well as his religious beliefs. They added that "throughout his employment, he never discussed with any student his personal views—religious or otherwise—on human gender or sexuality," but argued that his faith and his integrity as an academic forbid him from teaching or affirming statements that he believes to be false.
"The actions of St. Philip’s College also have a disparate impact on religious employees," Varkey wrote in his charge with the EEOC. "The pattern and practice of terminating professors because of in-class statements that reflect their beliefs has a discriminatory effect on religious professors like myself."
Dr. Varkey said his firing will have a disparate impact on all religious professors. (iStock)
"It saddens me that we have come to the place where, in an institution of higher learning, the feelings and opinions of the students are allowed to usurp the facts of science," Dr. Varkey told Fox News Digital. "The law protects Americans like me from being punished by their employers for holding or expressing their religious beliefs. St. Philip’s College is sending a message that the facts of science don’t matter and that religious people are not welcome and need not apply."
As an adjunct professor, Varkey taught the same principles he was fired for this year in his Human Anatomy and Physiology course to more than 1,500 students during the two decades he taught at St. Philip’s College, according to First Liberty. On November 28, 2022, four of Varkey's students walked out of his class when he stated that sex was determined by X and Y chromosomes, just as he always had during his 19 years teaching at the college.
"No college professor should be fired for teaching factual concepts that a handful of students don’t want to hear," Keisha Russel, Counsel for FLI and the lead attorney on Dr. Varkey’s case, told Fox News Digital in a statement. "When public universities silence their own professors from teaching true concepts to students, education has been turned on its head."
Alamo Colleges District, which includes St. Philip’s College, told Fox News Digital it does not comment on personnel issues.
Teachers, administrators, literacy certified and coaches, and paraprofessionals.
Courses are online with live synchronous sessions and weekly self-paced activities.
Courses are offered in the Summer, Fall, and Spring. For information about upcoming offerings, please see the "Courses" section below.
To pay for multiple registrants via purchase order, please email lynchschoolpce@bc.edu.
Participants who complete all required coursework will receive 15 PDPs.