Saturday, April 12, 2014

Trusted Platform Module 2.0 Specs Released

Trusted Platform Module (TPM) 2.0 library specifications have now been released for silicon makers, software developers, system builders and other members of IT ecosystem.

TPM 2.0, which is positioned as the critical next step for a more secure computing environment, aims to provide a secure root of trust to protect data in computers and mobile devices from digital and physical attacks, theft or loss.

The TPM 2.0 specification is designed with cryptographic agility to allow support for more algorithms in the future. It also offers the flexibility for industry implementations across a broad range of platforms including servers, desktops, embedded systems, mobile devices and network equipment.

The Trusted Computing Group (TCG) is also making available the PC Client Platform TPM Profile (PTP) specification, the first in a series of specifications to enable developers and manufacturers to design TPMs into their products. Specifications for additional platforms, including mobile devices and embedded systems, will follow.

F5 Mitigates Heartbleed Bug

F5 Networks confirmed that its BIG-IP Local Traffic Manager, which can be used to terminate SSL connections, already has the necessary protections in place to secure applications against the Heartbleed bug.

For companies terminating SSL connections on application servers (not utilizing F5 SSL offload), F5 said the threat can be mitigated through open, extensible F5 iRules.

“For organizations using F5 BIG-IP Local Traffic Manager (LTM) with our SSL stack, applications are already protected from the Heartbleed vulnerability,” said Mark Vondemkamp, VP of Product Management, Security at F5. “They have been protected from the Heartbleed bug since it was introduced in OpenSSL.”