Engenharia Social (ou o carneiro que afinal era um lobo)

Todos os anos perdem-se milhares de milhões de euros devido a atos de espionagem industrial, muitas vezes sem que as organizações lesadas sequer se apercebam. As organizações devem estar alerta para esta ameaça algo silenciosa que, na quase totalidade dos casos, parte de dentro de si próprias, sob a forma de Engenharia Social. Neste capítulo exploram-se os conceitos de Engenharia Social, as suas manifestações mais populares e as formas de deteção, prevenção e combate. A importância do tema para as organizações e para a economia em geral fazem surgir a necessidade de uma sensibilização em torno destas ocorrências e para a definição de uma política de segurança clara e comum a toda a organização. A atual falta de formação e até mesmo ingenuidade dos colaboradores das organizações perante este tema proporciona um campo fértil para a proliferação de atividades da Engenharia Social

RSA Keys Quality in a Real-world Organizational Certificate Dataset: a Practical Outlook

This research investigates the intricacies of X.509 certificates within a comprehensive corporate infrastructure. Spanning over two decades, the examined enterprise has heavily depended on its internal certificate authority and Public Key Infrastructure (PKI) to uphold its data and systems security. With the broad application of these certificates, from personal identification on smart cards to device and workstation authentication via Trusted Platform Modules (TPM), our study seeks to address a pertinent question on how prevalent are weak RSA keys within such a vast internal certificate repository. Previous research focused primarily on key sets publicly accessible from TLS and SSH servers or PGP key repositories. On the contrary, our investigation provides insights into the private domain of an enterprise, introducing new dimensions to this problem. Among our considerations are the trustworthiness of hardware and software solutions in generating keys and the consequential implications of identified vulnerabilities on organizational risk management. The obtained results can contribute to enhancing security strategies in enterprises

RSA Keys Quality in a Real-world Organizational Certificate Dataset: a Practical Outlook

This research investigates the intricacies of X.509 certificates within a comprehensive corporate infrastructure. Spanning over two decades, the examined enterprise has heavily depended on its internal certificate authority and Public Key Infrastructure (PKI) to uphold its data and systems security. With the broad application of these certificates, from personal identification on smart cards to device and workstation authentication via Trusted Platform Modules (TPM), our study seeks to address a pertinent question on how prevalent are weak RSA keys within such a vast internal certificate repository. Previous research focused primarily on key sets publicly accessible from TLS and SSH servers or PGP key repositories. On the contrary, our investigation provides insights into the private domain of an enterprise, introducing new dimensions to this problem. Among our considerations are the trustworthiness of hardware and software solutions in generating keys and the consequential implications of identified vulnerabilities on organizational risk management. The obtained results can contribute to enhancing security strategies in enterprises