Interesting read from Computerworld…
“Lot of organizations are new to encryption,” he added. “Their only exposure to it has been with SSL, but that’s just a session. When you shift to data at rest and encrypt your laptop, if you lose the key you trash your data – it’s a self-inflicted denial-of-service attack.
Encryption is also as big an interest for the bad guys as the good guys, warned Anton Grashion, European security strategist for Juniper. “As soon as you let the cat out of the bag, they’ll be using it too,” he said. “For example, it looks like a great opportunity to start attacking key infrastructures.”
“It’s a new class of DoS attack,” agreed Moulds. “If you can go in and revoke a key and then demand a ransom, it’s a fantastic way of attacking a business.”
No comments yet.