SSH (Secure Shell) is a cryptographic network protocol in use since 1995. It was created by Finnish computer scientist Tatu Ylönen in response to a password-sniffing attack at his university. Since then, SSH has become a fundamental tool for secure communication over unsecured networks, widely used for remote server management, secure file transfers, and more.  ... The post Freeware Released: Securing SSH Access with MagicEndpoint’s FIDO-TPM Innovation appeared first on WinMagic Data Security Solutions, Protection Services and Software ..read more

On January 16, 2025, President Joe Biden issued an Executive Order (EO) calling for the Federal Government to adopt proven security practices to enhance identity and access management (IAM), improve visibility into security threats, and strengthen cloud security.  While the Executive Order sets forth a commendable vision, we believe the call to adopt proven, existing... The post The Correct Identity — Implementing Executive Order 14144 (January 16, 2025) with No User Action appeared first on WinMagic Data Security Solutions, Protection Services and Software ..read more

Embracing New Approaches to Defend Against Cyberattacks, Minimizing User Burden. Mississauga, Ontario April 30, 2024 — Addressed to IT security thought leaders looking to defend against cyberattacks while maintaining a good user experience, WinMagic Corp releases an Open Letter with its vision for authentication that transforms the aspiration of Zero Trust security into reality. To combat the escalating risks posed by cyberattacks, Whitehouse Memorandum M-22-09 was issued in January 2022. It sets forth a Federal Zero Trust architecture strategy: “The foundational tenet of the Zero Trust Model ..read more

Key issues: With over 25 years of continuous innovation, WinMagic has consistently raised the bar in endpoint encryption. Leveraging our expertise in applied cryptography and endpoint protection for online access, we believe new ways of thinking can revolutionize cybersecurity to the extent that account hijacking is eliminated, with NO user burden. We will highlight current challenges and present potential solutions or ideas unseen elsewhere. While we understand industry skepticism, we’re optimistic that these novel approaches will garner support and that the industry will refine and expand u ..read more

The industry’s longstanding approach to user verification for online accounts might seem foolproof given its widespread adoption. After all, if everyone’s doing it, it must be effective, right? The Challenge with Traditional Verification Current solutions typically verify both the user and, following the Zero Trust principle, possibly the endpoint when a user logs into an online account. While passwords, multi-factor authentication (MFA), and public key-based methods like FIDO and PKI have become the norm, are they truly effective against today’s advanced threats? Notable breaches at major cor ..read more

Competitive Advantages of Pre-Boot Authentication In the ever-evolving landscape of digital threats and cybersecurity challenges, the quest for secure and user-friendly authentication has led to the rise of passwordless solutions. Passwordless authentication — relying on methods such as biometrics and hardware tokens — offers a seamless user experience while eliminating the vulnerabilities associated with traditional passwords. However, to fortify these advancements, one formidable weapon in the arsenal of cybersecurity is pre-boot authentication (PBA). PBA refers to the process of authenticat ..read more

Introduction In the ever-evolving landscape of cybersecurity, SSL/TLS has emerged as the preeminent security protocol, fortifying trillions of daily interactions through HTTPS across web browsers. The TLS protocol, meticulously developed by some of the brightest minds in the industry, stands as the bedrock of internet security, setting the gold standard for safeguarding data during transmission. Indeed, TLS has become synonymous with resilience and adaptability. However, WinMagic has made some recent discoveries that we believe will change the cybersecurity space and one of them sheds light on ..read more

WinMagic applauds the joint NSA and CISA effort in creating the document “Developer and Vendor Challenges: Identity and Access Management.” The file provides pragmatic help to the community of vendors and developers and will benefit them greatly. For our part, we’d like to offer the below suggestions. We’ve categorized our suggestions into two sections — “MFA Definitions and Policy Changes” and “Standards Improvement Opportunities” — but the suggestions apply to many sections of the “Developer and Vendor Challenges” document. WinMagic understands that some of our comments and proposals below a ..read more

Early September 2023, two of the world’s largest casino hotel companies — MGM Resorts and Caesars — were struck by ransomware attacks. In the week after, Caesars stated that the company had been a victim of “a social engineering attack on an outsourced IT support vendor used by the Company.” The hackers exploited a weak point in these companies’ security, underscoring the urgency of readdressing and improving our approach to online security. Fallback Vulnerabilities To gain access to sensitive data, hackers exploited these Okta users’ fallback method: the account reset or recovery process for ..read more

“I’m very excited to tell you more about our passwordless authentication, today. I believe it is game-changing and it will change the cyber security market,” said Thi Nguyen-Huu, Founder and CEO at WinMagic, during our “Passwordless for Government” webinar, hosted jointly with Carahsoft Technology Corp. Leading the webinar, Garry Mccracken, CISO at WinMagic, began with the following descriptions of government security guidelines and executive orders: EO 14028. In May 2021, the federal government released Executive Order (EO) 14028. Executive orders tend to contain high-level policies, and th ..read more