The payment application data security standard (PA-DSS) has been updated to help businesses better install, update, and patch their hardware. The guides are a global effort by Visa, Mastercard, and American Express to improve the shabby state of electronic payments around the world through the implementation of baseline security standards around credit cards. Critical changes in version 3.2 of the PA-DSS include clarifications to existing requirements that align the document to the payment card industry data security standard (PCI DSS). Those reading will have better information for patching and protecting troubleshooting debugging logs that can be exploited during a compromise. Security standards council chief technology officer Troy Leach says the guide is critical to payment security. That's why in addition to updating PA-DSS to support PCI DSS 3.2, we've added more guidance to help integrators, resellers, and others implementing payment software to configure it properly and protect payment account data.
If you're satisfied with its performance, you can make it your go-to program for PDFs by right-clicking one and selecting 'Open with'. Read on to discover four more of our recommended PDF readers. This is without doubt one of the most polished PDF tools out there, and it would be easy to forget that it's completely free to use. You can scan printed documents, have the text converted into searchable format, and save the resulting document as a PDF. They are presented as an expandable tree, so make sure you click all the ' ' icons to discover what's hidden there. SlimPDF Reader: A frill-free PDF reader that barely makes a dent in your disk space. SlimPDF Reader is by far the smallest download in this roundup, occupying just 1.43MB of space, and makes a virtue of its frill-free approach.
The company has introduced a platform standardising electronic signatures across the EU. Digital signature specialist DocuSign has introduced a new software suite aimed at taking advantage of regulations set to standardise electronic signature laws across the EU from next month. New e-identification opportunities: The new laws, known as the eIDAS Regulation, standardise rules covering electronic identification and trust services, including e-signatures, electronic seals and website authentication across Europe, with the EU identifying such services as a key factor in its Single Digital Market strategy. "By leveraging the regulation change that is around the corner, DocuSign is ready to further empower Europe's digital transformation," Keith Krach, chairman and chief executive of DocuSign, said. Behind the firewall: The new offering could help organisations who want to implement digital signatures but need to comply with specific regulations or organisational policies, the company added. The company also announced the expansion of its partner programme to include Certificate Authorities (CA) and Trust Service Providers (TSPs) and said the xDTM standards body for digital transaction management, of which it is a founding member, has been broadened to include a new European advisory board. Krach said last October he planned to step down from his position, but an unnamed appointee, who had initially agreed to take over the role, backed out in March.
Banks are interested in the privacy preserving potential of zero-knowledge proofs. Open and decentralised systems such as blockchains create privacy concerns for some use cases, made even more acute by permissioned blockchains which seem to be morphing into something that belies almost all the fundamental benefits of the original design – but that's another story. Ensuring privacy of transaction data is a desirable feature at the very least, and probably the sine qua non (indispensable element) of distributed banking ledgers. "These traditional cryptography methods are very good at dealing with data," said Ben-Sasson. "But these methods lack any semantics." There's no way to distinguish between encrypted/hashed files with various computational properties. Ben-Sasson is a scientist and not over-familiar with the world of private blockchains, but he said ZK proofs exist as open source code which can be forked and optimised for various use cases.
Social media platforms like Facebook and Twitter are routinely used by the Islamic State to spread propaganda. A computer scientist has reportedly developed a new technology that can be used by social media platforms to help combat the spread of terrorist content and propaganda online. The CEP has built a massive database full of terrorist-related content – imagery, videos, and audio recordings – to help kick off the tracking process. The non-profit is planning to create a new organisation – dubbed the National Office for Reporting Extremism – to oversee the database and, if all goes to plan, work with social media companies, many of which have long had a problem with fending off use by terrorist sympathisers. "If we seize this opportunity and have partners across the social media spectrum willing to fight the extremist threat by deploying this technology, extremists will find Internet and social media platforms far less available for their recruiting, fundraising, propagandising, and calls to violence," Farid said. "It is no longer a matter of not having the technological ability to fight online extremism, it is a matter of the industry and private sector partners having the will to take action." By extracting the 'digital signature' from images, Farid developed a method of running these unique signatures against a large pool of stored content that can flag or report as inappropriate.
It looks like the man who was supposed to become Docusign's CEO in March bailed at the last minute to join Google instead. According to Bloomberg, former Motorola executive Rick Osterloh pulled out of taking Docusign's CEO position in March so he could go back to Google, where he serves as SVP of Hardware now. Osterloh spent over 2 years at Motorola, which was owned by Google until 2014. In March, Docusign had set up press calls to announce the hiring of a new CEO to replace the current CEO Keith Krach, who internally announced his plan to step down last October. At the time, Docusign's press officer said the new CEO candidate pulled out after "another company with unlimited resources approached him with an offer." And in another bad sign for the company, four top executives left Docusign in May, after it missed out on hiring a new CEO. Docusign, last valued at $3 billion, has been one of the fastest growing tech companies in recent years. The digital signature software company has raised over $500 million so far. Bloomberg reports that the company's now looking at Enrique Salem, managing director at Bain Capital, as one of the leading CEO candidates. Salem previously led Docusign's $233 million Series F funding and now sits on the company's board. Docusign's representative was not immediately available for comment.
Common rules for accepting electronic signatures across EU borders enter force on Friday, but technical differences will still make life difficult for users and vendors. Add in your John Hancock and be on your way. Defining an electronic signature that satisfies the laws of 28 countries is one thing, but creating one that is accepted seamlessly by desktop applications such as Adobe Acrobat Reader and Microsoft Office, and by enterprise applications such as Salesforce, Workday, Microsoft Dynamics CRM or Ariba, is entirely another, according to the consortium. Existing legislation, derived from the 1999 eSignature directive, allows certificates for electronic signatures to be granted to natural persons (people) and legal persons (organizations), and makes little distinction between authenticating the content of a document and expressing consent to that content. However, when the regulation was approved in October 2014, Neelie Kroes, then European Commission vice president, called on incoming Commission President Jean-Claude Juncker to make every transaction with the Commission and other EU institutions possible electronically. After that, unless the U.K. government and the European Commission have agreed otherwise, it will not be possible to make legally binding agreements using eIDAS-compliant eSignatures between a U.K. person and an EU person. The others hail from EU member states Austria, France, Germany, Italy, Poland, and Spain, and from neighboring Norway and Switzerland, and include German state printer Bundesdruckerei, Infocert in Italy, and Docapost/Certinomis in France.
Signature Cloud Consortium to develop a cloud-based digital prospectuses published at the end of the signature. The Signature Cloud Consortium, founded in Europe, will begin to promote the introduction of an open digital signature for mobile devices and online use. These signatures are to be used in citizens' everyday life, such as applying for official permits, social security benefits or big loans. The consortium consists of the American Adobe, the Polish Asseco Data Systems, the German Bundesdruckerei / D Trust and Intarsys Consulting, the French Cryptolog / Universign and Docapost / Certinomis, the Italian infoCert and Intesi Group, the Spanish Izenpe and Safe Layer, the Swiss SwissSign, the Austrian Graz University of Technology and the Norwegian Unibridge. In the background is an EU law going into force at the beginning of July. At present, the digital signature is often tied to computers or to separate token authentication devices, in addition to which different countries use mutually incompatible solutions and systems.
Windows 10 is making considerable efforts to tighten up on the security front, and Microsoft has just announced changes to how it vets drivers for the operating system – all of these must now be digitally signed by Redmond. As Betanews spotted, it was actually last year that Microsoft announced that all kernel mode drivers would need to be submitted to the Windows Hardware Dev Center portal in order to be digitally signed. But at the time, Microsoft didn't enforce this as a rule – due to various 'technical-readiness' issues, it was only implemented as policy guidance. However, from now on, starting with installations of Windows 10, version 1607, this will be fully enforced and any drivers not signed off by the aforementioned Dev portal won't be loaded by the OS. Note that this doesn't apply to old drivers, just to new ones going forward. Also, the new policy only applies to fresh installations of Windows 10, so systems upgraded from previous versions of Windows will still allow the usage of cross-signed drivers.
News: New release updates phablet with security and performance features. Samsung has launched the Galaxy Note 7, which updates its flagship phablet line with new durability and security features. A stand out feature is the new iris scanner, which combined with Samsung's Knox software will boost the security of the device. Samsung developed its own proprietary algorithm to assign a digital signature to each user's iris. Previous Samsung models have featured a fingerprint scanner but the use of the iris as a biometric has yet to gain wide usage. As well as allowing users to secure their own documents and browse securely while using the phone's internet browser, Samsung is working with mobile banking providers to allow them to incorporate iris scanning into their apps.
The technique, which doesn't break the original file's signature, can allow malware to bypass antivirus detection. A new technique allows attackers to hide malicious code inside digitally signed files without breaking their signatures and then to load that code directly into the memory of another process. The attack method, developed by Tom Nipravsky, a researcher with cybersecurity firm Deep Instinct, might prove to be a valuable tool for criminals and espionage groups in the future, allowing them to get malware past antivirus scanners and other security products. While malware authors have hidden malicious code or malware configuration data inside pictures in the past, Nipravsky's technique stands out because it allows them to do the same thing with digitally signed files. That's significant because the whole point of digitally signing a file is to guarantee that it comes from a particular developer and hasn't been altered en route. However, this means that attackers can add data, including another complete file inside the ACT field, without changing the file hash and breaking the signature.
Grinding research finds gold in failed header checks. Black Hat: Deep Instinct researcher Tom Nipravsky has undermined the ubiquitous security technique of digitally-signed files by baking malicious code into headers without tripping popular security tools. Nipravsky inserted malicious code into the small header attribute certification table field which contains information about digital certificates and is not subject to hash calculation. One of three file size checks is not properly conducted by Microsoft's Authenticode, allowing VXers to alter expected values so that infected digitally-signed files appear valid. Nipravsky reverse-engineered Microsoft's undocumented portable executable loading process to develop the Reflective PE Loader which can stealthily inject the header's malicious code into system memory without raising security flags. Nipravsky and colleagues at Deep Instinct describe their work in the paper Certificate bypass: Hiding and executing malware from a digitally signed executable (PDF) released at the Black Hat security conference in Las Vegas last week.
News: Users can load non-Microsoft operating systems on some of its devices. A blunder by Microsoft has resulted in the company accidentally leaking skeleton keys that unlock Windows-powered tablets, phones, and other devices which are sealed by Secure Boot. At the centre of the problem are Secure Boot policies, these are basically a feature of the Unified Extensible Firmware Interface and they are designed to ensure that each component loaded during the boot process is digitally signed and validated. The idea is that it stops people from booting up any OS on a Windows tablet, or certain Windows Phones. Unfortunately for Microsoft it created and signed a special Secure Boot policy that disables the OS signature checks. This was done for debugging purposes, but what it means is that the boot manager won't verify that it is booting one of the signed operating systems, and will instead boot anything the user wants – as long as it is cryptographically signed.
The leak over the weekend of advanced hacking tools contains digital signatures that are almost identical to software used by the state-sponsored Equation Group, according to a just-published report from security firm Kaspersky Lab. "While we cannot surmise the attacker's identity or motivation nor where or how this pilfered trove came to be, we can state that several hundred tools from the leak share a strong connection with our previous findings from the Equation group," Kaspersky researchers wrote in a blog post published Tuesday afternoon. The finding is significant because it lends credibility to claims made by a mysterious group calling itself Shadow Brokers. When members of the previously unknown group claimed in a blog post that they hacked Equation Group and obtained never-before-seen exploits and implants it used, outsiders were understandably skeptical. The connection linking more than 300 computer files in the Shadow Brokers archive to Equation Group is found in a common implementation of the RC5 and RC6 encryption algorithms. Among other things, the leaked Shadow Broker files use the negative constant -0x61C88647 instead of the more standard 0x61C88647 to speed up subtraction operations.
Mac malware was successfully introduced into the open-source Transmission software for the second time. The Transmission software site has been hit again, and Mac malware has been distributed in the name of the BitTorrent client software, says security company ESET. OSX/Keydnap installs a back door on Mac computers and spies on the computer. It communicates with the command server using an encrypted Tor connection. The program has spread through a Transmission program that is based on the open code and contains a real digital signature.
It was revealed this week that Yahoo secretly built a custom software program it used on behalf of the NSA and CIA to scan customer emails. Neither the government nor the tech company would say, after Reuters first reported on Tuesday that Yahoo secretly built a custom software program it used on behalf of the NSA and CIA to scan customer emails. It also appears very similar to programs the FBI uses to pursue child abusers. No single court order can allow surveillance of millions of Americans. Further reporting from the New York Times on Wednesday said Yahoo was ordered to scan its emails for the digital signature of a communications method used by a state-sponsored, foreign terrorist organization. But scanning the entirety of its email service for a specific string would appear to be a major change in the way Fisa has operated, said Liza Goitein, co-director of the national security program at New York University's Brennan Center for Justice.
With its Creative Cloud, Adobe made an early bet on offering its tools for creatives as a subscription service. With its Document Cloud, the company also offers a subscription-based service for its more enterprise-focused document management tools, too. Acrobat DC, the PDF-centric flagship service of the Document Cloud, is getting an update today that introduces a number of new features that will make editing documents and signing them a bit easier. As Lisa Croft, Adobe's group marketing manager for the Document Cloud, told me, all subscribers will get this update today. Maybe the most important new feature in Acrobat DC is better support for Certificates. While Acrobat already allows you to digitally sign documents, it's now far easier to do so thanks to a new set-up wizard for creating IDs or importing them from smart card readers and other cryptography hardware.
Now you can sign a PDF file right from your iPhone with the new Dropbox update. On Tuesday, Dropbox released a new version of its iOS app with a slew of features to boost your mobile productivity. Dropbox for iOS now includes in-app PDF signing, a new iMessage extension and widget compatibility, as well as exclusive iPad features. Working from your phone or tablet can make a big difference in your productivity, but sometimes it's still hard to match the efficiency of working at your desk. We want to change that, Dropbox product manager Matteus Pan wrote on the company blog. Here's a breakdown of all the new iOS features that Dropbox released this week.
Fittingly, he used 22 different pens to sign the document - now more nattily nicknamed "Obamacare". For example, the Parker Duofold Big Red used by General Douglas MacArthur to sign a surrender document aboard HMS Missouri - effectively signalling the end of the Second World War - is now proudly displayed at the Cheshire Military Museum in Chester. On 1 July 2016, the European Union implemented new rules for electronic signatures, giving them the same legal weight as their "wet" - or ink-based - written counterparts. Around 170,000 people voted digitally last year. It is little wonder that 2% of Estonia's GDP (gross domestic product) is saved every year as a result of digital signatures. This can be supported by a password sent to their phone.
How can blockchain be used by governments in delivering services? And, in the same sense that prevalent trends in the financial services sectors can have a huge impact on the way that the public sector operates, blockchain too has huge potential to shake up the public sector to create a fully transparent and digitised government. Everyone can see it, but no single user owns it, and it's not stored in a central repository. It removes any need for physical signatures on government forms, and means that tax returns, healthcare forms or land ownership documents can be processed entirely online. These digital signatures can speed up often cumbersome processes; ensure more security for the individual in question; and they can have a constant track of where these documents are at any moment in time. What's more, by storing digital identities on the ledger, citizens are able to vote for general elections online – something they have been doing since 2005.