What is efail? 

Efail is the name given by German Researchers to a potential attack against PGP or S/MIME encoded emails to take the encrypted contents and send them to a third-party actor.

How does efail work?

Efail requires an HTML encoded email to be manipulated by prepending an html image tag to the beginning of the email. This in turn forces the email client to send a request to a malicious domain looking for an image file that is the body of the encrypted email.

Along with the rest of the industry, we recently attended the RSA Conference in San Francisco. While there, many conversations about Fornetix Key Orchestration (KO) started with “You’re an HSM?” or “I already have an HSM… why do I need a key manager?”  Key managers have very clear differences from Hardware Security Modules (HSMs.)  The main differences reside in how the encryption keys can be used by a Key Manager or HSM.  There are other more important differentiators, however, let’s start with how key managers leverage open standards, like the Key Management Interoperability Protocol (KMIP), and what exactly an HSM is.

Amazon Web Services (AWS) is a secure cloud services provider that delivers compute, network, and data storage services. There are numerous benefits to migrating data storage and management to the cloud, but there are security considerations that must be addressed prior to doing so.

ASHBURN, Va., April 2018 — Fornetix, an industry leader for encryption key management, is pleased to announce the formation of a Board of Directors. The appointees are six proven executives with successful track records in the business and cybersecurity arenas.

Is RSA really less than a week away? It feels like just a few short months ago that the team at Fornetix was lamenting the fact that we'd have to wait until mid-April for the one event we all look forward to year-after-year.

Securing Virtual Environments Shouldn't be an Afterthought

Portability, versatility, efficiency, and cost effectiveness — these are just a few of the advantages of moving to virtualized environments. Virtualization allows enterprises to shift datacenters full of equipment down to a just a few servers. A smaller footprint means less power consumption, lowered cost of ownership, and less overhead. Too often, though, enterprises neglect security when it comes to implementing virtualization. Securing virtual environments has become an afterthought.

The Fornetix team wants to congratulate Kian Bradley, client developer, after he earned first place in the cryptocurrency capture the flag (C3TF) at this year’s BSidesNoVA hacking conference. The competition focused on real world challenges related to crypto currencies such as smart contract exploits, forensics, wallet exploits, and more issues unique to this growing industry.

“Smart” Doesn’t Mean “Secure”

Prior to 1975, there was no such thing as a smart home. Prior to 1985, all radio systems were analog. Prior to 1990, all phone systems were analog. Prior to 1974, all utility metering was analog. But all of that has changed; we now live in a digital world. 1’s and 0’s “run” our lives, and picking up an analog landline phone (POTS) is virtually a thing of the past. The new “hotness” is smart everything. Smart cars, smart phones, smart TVs, smart homes, and now smart grids.

When considering automotive IoT, it’s logical to focus on the supply chain that makes the car possible. In reviewing the application of key management to the automotive IoT landscape, it becomes apparent that the provenance of car components, from tires to telematics, is absolutely critical. Any poorly-built component can cause a systemic failure of the vehicle delivered to the consumer. When one typically thinks of applying encryption, it is focused on protecting the confidentiality of data at rest, in motion, or even while being processed. However, what about measuring whether the data should be trusted instead how whether it needs to be protected?