In this wide ranging interview, cryptographer, Taher Elgamal, chief security officer of Axway Inc. and  initial driving force behind SSL, explains how applications may be better adapted to defend against attacks and how cloud computing may alter data protection and authentication. Read the full article. [TechTarget]

LifeLock, an Arizona company promising customers protection from identity theft, has agreed to pay $12 million to settle charges that the company overstated its benefits and used "scare tactics" to gain subscribers. Read the full article. [Computerworld]

North Carolina state researchers have modified existing speech authentication computer models and have streamlined the process so that it operates more efficiently. Read the full article. [ScienceDaily]

A Thai court has approved the extradition to the U.S. of a Malaysian man allegedly involved in hacking credit card information, causing massive losses for victims in the U.S. Read the full article. [Computerworld]

Cisco has released a number of reports on vulnerabilities in its products. It is possible to disrupt the transfer of voice data in the Unified Communications Manager using crafted SIP, SCCP and CTI packets. Read the full article. [The H Security]

Economic pressures are driving more businesses and governments to nervously eye cloud computing, despite myriad unanswered questions that swirl around a single central concern: security. This was backdrop for a panel discussion between CISOs at this week's RSA Conference. Read the full article. [Network World]

Computer scientists say they've discovered a "severe vulnerability" in the world's most widely used software encryption package that allows them to retrieve a machine's secret cryptographic key. The bug in the OpenSSL cryptographic library is significant because the open-source package is used to protect sensitive data in countless applications and operating systems throughout the world. Read the full article. [The Register]

University of Michigan scientists have found they could foil RSA authentication by varying the voltage supply to the holder of the "private key," which would be the consumer's device in the case of copy protection and the retailer or bank in the case of Internet communication. It is highly unlikely that a hacker could use this approach on a large institution, the researchers say. Read the full article. [ScienceDaily]

At the RSA conference in San Francisco, a panel of leading cryptographers reveal some of the lessons they have learned while making seemingly imprudent decisions. By going against the grain, new objectives can be made and boundaries overcome.

For years, leaders of the security industry have warned that passwords have outlived their usefulness. Users pick easy-to-crack passwords like the name of a dog or a favorite movie. They're written on post-it notes and left sticking to the monitor for all to see. Multi-factor authentication -- using more than one form of authentication to verify the legitimacy of a transaction via smart cards, tokens or biometrics, for example -- is often held up as the alternative; an end to insanity. The reality is far less simple. Read the full article. [CSO]