Nelson says Decru sent an email to NeoScale customers, partners, and the media making the vulnerability sound worse than it was. Her letter says Decru's "negatively-oriented marketing campaign" claims an attacker with a user password can gain access to the system key without a smart card. "This statement is completely false, is not included anywhere in the CERT advisory, and has nothing whatsoever to do with the CERT advisory," she says.
Rosenblum says there is one system key in CryptoStor devices that is never exposed in unencrypted form outside the appliance, so no user can ever access it.
Decru marketing VP Kevin Brown says Decru doesn't have a NeoScale customer list, although he admits his company did send out emails to media, analysts, and others because it wanted its customers to know it did not have the same issues.
Brown says Decru does authentication directly from the smart card to the encryption appliance without going through Windows' ActiveX component. As for Nelson's charge that Decru made false statements, Brown says any emails sent out contained information available on the CERT site. The original vendor statement on CERT's site said users can access the system key without a smart card, but that statement has been amended to delete the reference to the smart card.
NeoScale began shipping the CryptoStor 700 in February of 2005. (See NeoScale Adds Tape Security.) Rosenblum says he does not know how many customers are using the appliance but claims NeoScale has close to 200 overall customers and most of its enterprise customers use the 700. He says the fix was part of a production release sent out this month.
Bob Friday, Chief AI Officer for Juniper Networks, explains how the advanced technology is transforming operations.
Contact center leaders from 8x8, Awaken Intelligence, and 360insight discuss the importance of agent experience.
AI may force enterprises to rewire parts of their data centers so they are fully optimized to run such workloads. The question is do you use Ethernet or InfiniBand?
