Media Coverage


April 16th, 2014

Heartbleed: Why companies are clueless about security

"More than half of companies (51%) don’t even know how many security keys and certificates they are using to encrypt information like credit card numbers and passwords, according to a 2013 survey of 2,342 organizations – 614 based in the U.S. – carried out by the Ponemon Institute research firm and sponsored by Venafi, a cybersecurity firm."

Read More


Los Angeles Times

April 16th, 2014

'Heartbleed Bug' puts Web security at risk

"The scope of this is immense," said Kevin Bocek, vice president of security strategy and threat intelligence for Venafi, a Salt Lake City cybersecurity company. "And the consequences are still scary. I've talked about this like a 'Mad Max' moment. It's a bit of anarchy right now. Because we don't know right now who has the keys and certificates on the Internet right now."

Read More


Wall Street Journal

April 13th, 2014

Google, Microsoft Race to Assess Heartbleed Vulnerability

"'What people don’t understand yet is that unless they change all those keys and certificates, they will remain vulnerable,' said Venafi’s Mr. Hudson. A large global company may have tens of thousands of certificates — essentially attachments to electronic messages used for security purposes — and keys that need to be changed, he said."

Read More


E-Commerce Times

March 13th, 2014

2013: A Perilous Year on the Internet

"Cybercriminals are looking for ways that they can gain trusted status," said Kevin Bocek, vice president of product marketing at Venafi. "Whether I'm Edward Snowden or a member of a cybergang, I want to get trusted status, and I want to go undetected. That's what the use of digital certificates allows me to do..."

Read More



March 12th, 2014

McAfee’s Latest Threat Report Underscores Problem of Unsecure Certificates

"There’s little to no visibility in to what keys and certificates are trusted throughout enterprises and no ability to take action, either to enforce policy or respond to attacks. The escalation in these types of attacks underscore the problem of unsecured certificates loud and clear. With over 17,000 keys and certificates in typical Global 2000 organizations, there’s a huge attack surface..."

Read More


The Economist

March 10th, 2014

Difference Engine: The end of trust

"A dirty little secret of enterprise computing is that practically every server in an organisation has a backdoor offering full “root” access to the machine—ie, permission to do anything…. A dirty bigger secret is that the “secure-shell” (SSH)—a cryptographic security protocol used by administrators to send commands to machines on the network—is rarely as secure as imagined. As SSH is an encrypted communications channel that bypasses all security measures on a computer, even administrators need a digital key to authenticate their use of it. But because SSH commands are used daily, the keys are often left lying around with little security to keep them out of the wrong hands."

Read More



March 9th, 2014

'Perfect' ransomware is the scariest threat to your PC

"Criminals are ramping up their attacks on keys and certificates, and it’s likely the purveyors of ransomware will do the same."

Read More



March 5th, 2014

CryptoLocker's success will fuel future copycats

"Cryptographic keys and digital certificates are ripe for ransom. Whether it's taking out the key and certificate that secures all communications for a bank or the SSH keys that connect to cloud services for an online retailer, keys and certificates are a very attractive target..."

Read More


SPAM Fighter

February 24th, 2014

Actual Impact of ‘The Mask’ Group’s Actions Still to Come - Experts

"If the breached organizations don't fight back and modify their keys and certificates instantly then these organizations will suffer a lot..."

Read More


Computer World

February 22nd, 2014

Poorly managed SSH keys pose serious risks for most companies

"By stealing SSH keys, attackers like those behind The Mask APT can impersonate admins, snoop around and take complete control of a target's network without being detected, he said. There are signs that National Security Agency contractor Edward Snowden might have used SSH keys or a similar digital certificate to access and steal documents without being detected..."

Read More

 1 2 3 >  Last ›