National Institute of Standards and Technology - News, Features, and Slideshows

News

• The Upload: Your tech news briefing for Monday, January 26

  Coinbase set to open first regulated Bitcoin exchange ... Malaysia Airlines suffers big hack ... Wikileaks says Google passed data to U.S. ... and more news

• U.S. may be falling behind in researching tech's next big thing

  The White House has identified cyber-physical system research and development as a "national priority" that could boost U.S. productivity. But federal spending is telling a different story.

• Overreliance on the NSA led to weak crypto standard, NIST advisers find

  The National Institute of Standards and Technology needs to hire more cryptographers and improve its collaboration with the industry and academia, reducing its reliance on the U.S. National Security Agency for decisions around cryptographic standards.

• How the NIST cybersecurity framework can help secure the enterprise

  Now that the US National Institute of Standards and Technology has finalized the much-discussed cybersecurity framework, organizations can use it as the guideline for measuring how well their systems are secured.

• Cisco says controversial NIST crypto – potential NSA backdoor -- 'not invoked' in products

  Controversial crypto technology known as Dual EC DRBG, thought to be a backdoor for the National Security Agency, ended up in some Cisco products as part of their code libraries. But Cisco says they cannot be used because it chose other crypto as an operational default which can't be changed.

• NIST subjects draft cybersecurity framework to more public scrutiny

  Following through on an order earlier this year from U.S. President Barack Obama, the National Institute of Standards and Technology (NIST) is rapidly developing a set of guidelines and best practices to help organizations better secure their IT systems.

• NIST, Stanford team to rescue early Tetris from digital oblivion

  The National Institute of Standards and Technology (NIST) and Stanford University have partnered to save for posterity over 15,000 software programs created in the early days of microcomputing.

• Cloud forensics: In a lawsuit, can your cloud provider get key evidence you need?

  Any business that anticipates using cloud-based services should be asking the question: What can my cloud provider do for me in terms of providing digital forensics data in the event of any legal dispute, civil or criminal case, cyberattack or data breach?

• Windows XP and Firefox browser amass worst vulnerability record over past 25 years

  In a look at the number of vulnerabilities recorded over 25 years in software products and open source, a researcher at Sourcefire has determined that Microsoft Windows XP and the Mozilla Firefox browser stand out as the two with the largest number of high-severity vulnerabilities.

• Symantec SSL certificates feature cryptography 10k times harder to break than RSA-bit key

  Symantec today began offering multi-algorithm SSL certificates for Web servers that go beyond traditional crypto to include what's known as the Elliptic Curve Cryptography (ECC) Digital Signature Algorithm (DSA), which the firm says will be 10,000 times harder to break than an RSA-bit key. Certificates are used to prove site identity to the visitor through a validation check that involves the user's browser and the site certificate, and Symantec is making the argument that authentication will happen faster using this particular ECC algorithm.

• State opposition to domestic drone use grows

  Applications for domestic drone licenses are increasing steadily, even as privacy concerns related to their use over the U.S. continue to mount. Some states are even moving to ban them all together.

• PCI Council publishes risk-assessment rules for card-processing networks

  The Payment Card Industry (PCI) Security Standards Council today issued guidelines on how businesses storing, processing or transmitting payment-card information should look at doing an annual risk assessment.

• NSTIC director: 'We're trying to get rid of passwords'

  The federal government's National Strategy for Trusted Identities in Cyberspace (NSTIC) program, set up this spring, is making progress against its goal of identifying and supporting more secure alternatives to simple passwords that the government as well as anyone else might use in authenticating to online applications.

• Standards body sets out cloud guidelines

  The US government is setting out to address concerns about security in the cloud. The US National Institute of Standards and Technology has issued a draft document looking at issues such as privacy and security within cloud environments.

• Obama Administration fleshes out online trusted IDs

  The National Institute of Standards and Technology (NIST) has established a new Web site fleshing out the Obama Administration's plans for a National Strategy for Trusted Identities in Cyberspace (NSTIC).