Despite the documented shortcomings of the Simple Certificate Enrollment Protocol (SCEP), it is still in widespread use today. This is in large part due to the lack of better options when it comes to certificate enrollment – espec [...]
Fog Computing: When the Cloud is Not Enough How Do We Manage the Massive Amounts of Data Generated by the IoT? The Internet of Things (IoT) market and its exponential growth are bringing many improvements and considerable revenue [...]
The Explosion of Cloud-based Apps and the IoT are Creating the Need to Reinforce PKI Environments The takeover of the cloud has brought countless businesses to pursue cloud migration over the past few years in an effort to take a [...]
Healthcare Devices: Then and Now Healthcare devices through the ages: what was once a cumbersome trip to the doctor for testing, followed by a series of manual documentation steps, is now a convenient, internet-connected wearable [...]
IoT Security: the area of the information security industry aimed at securing devices, data, people and applications within the Internet of things (IoT). What makes IoT Security so important? The growth of internet-connected data, [...]
CSS recently discovered and published information on a potential privilege escalation attack in SCEP-based Certificate Issuance Systems. After this discovery, CSS created the SCEP Validation Service, which aims to close this attac [...]
If you’re reading this, there’s a good chance you’ve already seen the reports about the security ramifications of issuing certificates to mobile devices using the Simple Certificate Enrollment Protocol (more information on our sit [...]
Vulnerability Note VU#971035- Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests CLEVELAND, OH – June 28, 2012. Researchers at Certified Security Solutions, Inc. (CSS), a leading info [...]
It’s been in the works for quite some time, but we are finally able to publicly announce a problem that we’ve encountered, related to the use of the Simple Certificate Enrollment Protocol, or SCEP, in conjunction with mobile devic [...]
The following is an excerpt from my book Microsoft System Center 2012 Endpoint Protection Cookbook, https://www.packtpub.com/virtualization-and-cloud/microsoft-system-center-2012-endpoint-protection-cookbook