CSS recently discovered and published information on a potential privilege escalation attack in SCEP-based Certificate Issuance Systems. After this discovery, CSS created the SCEP Validation Service, which aims to close this attac [...]
The Certificate Management System (CMS), formerly known as the Certificate Reporting Tool (CRT), as referenced below, provides reporting and notification capabilities to an existing Public Key Infrastructure (PKI). The reports and [...]
If you’re reading this, there’s a good chance you’ve already seen the reports about the security ramifications of issuing certificates to mobile devices using the Simple Certificate Enrollment Protocol (more information on our sit [...]
Certified Security Solutions sent a team to the 2012 RSA Security Conference in San Francisco where one of the underlying themes was mobile security. Located in the Microsoft Pavilion, team CSS boasted a 'Got PKI?' theme centered [...]
The popularity of Apple’s iPads and iPhones among consumers are well documented, but recent findings from Forrester Research shows that these devices are gaining steam in the corporate world. The “Consumerization of IT” or BYOD (B [...]
This week we’ve seen the latest chapter in the Microsoft/Apple love/hate relationship… and it would seem that love is conquering all… at least for the time being. As CRN reports, Apple is reaching out to Microsoft partners that ca [...]
iOS 5, Apple’s new operating system for iPad, iPhone, and iPod Touch, will be released “soon” – Apple officially says “this Fall,” and many prognosticators are pointing to sometime in October. While the new release has hundreds of [...]
iOS devices such as iPads and iPhones are quickly becoming a part of the enterprise IT landscape, in a trend sometimes referred to as “the consumerization of IT.” From a security practitioner’s standpoint, there are a number of fa [...]