Defeating cold boot attacks

Researchers at FAU explain how to implement AES in Linux without leaving keys exposed in memory, and with no performance penalty.

TRESOR is a secure implementation of AES which is resistant against cold boot attacks and other attacks on main memory. The basic idea behind this implementation is to store the secret key inside CPU registers rather than in RAM. All computations take place only on registers; no AES state ever goes to RAM. In particular, the x86 debug registers are misused as secure key storage.
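To make "keys exposed in memory" concrete, this added example (not TRESOR code and not from the FAU researchers) checks a memory image for a complete AES-128 key schedule, the structure a conventional in-RAM AES implementation keeps next to its key and a register-only design never writes out. The image, the offset and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
static uint8_t sbox[256];
static uint8_t gmul(uint8_t a, uint8_t b) {   /* GF(2^8) multiply, AES polynomial */
    uint8_t p = 0;
    for (; b; b >>= 1, a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0)))
        if (b & 1) p ^= a;
    return p;
}
/* S-box: inverse in GF(2^8) (0 maps to 0), then the AES affine map. */
static void init_sbox(void) {
    for (int x = 0; x < 256; x++) {
        uint8_t v = 0, s = 0x63;
        for (int y = 1; y < 256 && x; y++)
            if (gmul((uint8_t)x, (uint8_t)y) == 1) v = (uint8_t)y;
        for (int r = 0; r < 5; r++) s ^= (uint8_t)((v << r) | (v >> (8 - r)));
        sbox[x] = s;
    }
}
/* Expand a 16-byte AES-128 key into its 176-byte schedule (11 round keys). */
static void expand128(const uint8_t *key, uint8_t *ks) {
    uint8_t rcon = 1;
    if (!sbox[0]) init_sbox();               /* sbox[0] is 0x63 once built */
    memcpy(ks, key, 16);
    for (int i = 16; i < 176; i += 4) {
        uint8_t t[4] = { ks[i-4], ks[i-3], ks[i-2], ks[i-1] };
        if (i % 16 == 0) {                   /* RotWord, SubWord, Rcon */
            uint8_t u[4] = { sbox[t[1]] ^ rcon, sbox[t[2]], sbox[t[3]], sbox[t[0]] };
            memcpy(t, u, 4); rcon = gmul(rcon, 2);
        }
        for (int j = 0; j < 4; j++) ks[i+j] = ks[i-16+j] ^ t[j];
    }
}
/* Offset of the first window that re-expands to itself (a full schedule), or -1. */
long find_key_schedule(const uint8_t *mem, size_t len) {
    uint8_t ks[176];
    for (size_t off = 0; off + 176 <= len; off++) {
        expand128(mem + off, ks);
        if (memcmp(ks, mem + off, 176) == 0) return (long)off;
    }
    return -1;
}
/* Constructed 512-byte image: zeros, plus (if in_ram) a schedule at offset 200. */
long demo_scan(int in_ram) {
    uint8_t key[16], ram[512] = { 0 };
    for (int i = 0; i < 16; i++) key[i] = (uint8_t)i;   /* FIPS-197 C.1 key */
    if (in_ram) expand128(key, ram + 200);
    return find_key_schedule(ram, sizeof ram);
}
int main(void) { return (demo_scan(1) == 200 && demo_scan(0) == -1) ? 0 : 1; }
```

The scan reports the schedule when it is in the image and reports nothing when it is not, which is the property a register-only implementation relies on.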

A flyingpenguin Guide to RSA 2012

The RSA Conference in San Francisco is already happening. People from all over the world are flying in to meet and greet at the industry-leading security gathering of the year. The RSA Conference brings together an amazing amount of resources to a central and convenient location. It’s a great way to start the year if you are looking for solutions, services or products in security. Marketing hype from vendors is an annoyance but it is a natural result of a concentration of industry leaders and consumers. If you shine a bright enough light you are bound to attract some attention….

Friday night was an intense discussion on Cyberwar to pre-stage David Willson’s Saturday presentation to the American Bar Association InfoSec Committee. Last night continued the discussion over dinner at the historic John’s Grill with a large group of security consultants, lawyers and service providers including Lucy Thomson (editor of the Data Breach and Encryption Handbook) and Ben Tomhave (presenting Thursday’s LAW-301 – Hot Topics in Information Security Law 2012).

Tonight brings more of the 70 or so mini-conferences and side gatherings that make up an important part of the discussion and debate around the city, and then tomorrow begins the full swing of RSA at the Moscone Center.

There are many fine guides online already from insiders like Josh Corman, Andrew Hay and Securosis. Pages 8 and 9 of the RSA Conference booklet also have a guide to the top rated speakers.

Some of the themes to track will be:

  • End-point and platform security, with a transition to secure the bring your own device (BYOD) market against “new” attacks (e.g. CrowdStrike debut of a Webkit-based vulnerability)
  • Encryption, of course and as always but this time it’s really for real
  • Hardening environments with virtualization; call it a sandbox, a litterbox, a container or whatever…vendors are starting to demonstrate how virtualization actually can make security management easier and more cost-effective.

Here are just a few of my presentations as well as some great presenters I plan to watch. Hope to see you there.

  • Tuesday, Feb 28, 1:10 PM — Chris Hoff presents STAR-106 Firewalls: Security, Access, the Cloud — Past, Present and Future
  • Tuesday, Feb 28, 2:40 PM — Bruce Schneier presents EXP-107 New Threats to the Internet Infrastructure
  • Tuesday, Feb 28, 3:50 PM, Room 305 — I will present CLD-108 Lightning Round: Data Confidentiality and Integrity in the Cloud
  • Tuesday, Feb 28, 5:00 PM Tweetup at VMware booth 2041 — VMware and Trend Micro – Securing Your Customers Journey to the Cloud
  • Wednesday, Feb 29, 8:00 AM, Room 102 — Marcus Ranum presents Cyber War: You’re Doing it Wrong!
  • Wednesday, Feb 29 10:20 AM, Crypto Commons — I will interview Bruce Schneier on his new book — Liars and Outliers: Enabling the Trust that Society Needs to Thrive
  • Thursday, Mar 1, 9:30 AM, Room 301 — I will present DAS-302: Message in a Bottle – Finding Hope in a Sea of Security Breach Data
  • Friday, Mar 2, 9:00 AM — Jeremiah Grossman presents EXP-401: Web Breaches in 2011 — “This is becoming hourly and totally ridiculous”

We Won the TSA Slogan Competition

I am happy to announce that it has been confirmed that the U.S. Department of Transportation Security Administration (TSA) has chosen a flyingpenguin slogan as their winning entry in a Security Awareness Slogan Contest: “Control, Alt, Delete Before You Leave Your Seat.”

The slogan was posted back in 2006.


Few of us are probably lucky enough to invent something as contagious as a Security-Tubby or a Barney character. Instead, we are stuck with the task of creating “fun” posters with slogans.

One of my more successful ones so far has been based on the saying “Ctrl-Alt-Del when you leave your seat”.

People tell me that no matter how ridiculous they might find security slogans at first, eventually this one grows on them and they can’t help but sing it aloud when they leave the office. You know you have won over your users when they start to beg for more effective ways to comply with the “Ctrl-Alt-Del song”.

Apparently it will be used throughout the TSA and perhaps even in other departments. It already is one of my most popular (#6) blog entries of all time.

I thought I should mention it also because a Government CIO article recently suggested there was no good marketing in security awareness:

In short, our users are experiencing the same vacuum of effective messaging about security that the average person watching nothing but fast food commercials would be receiving about health.

Watching nothing but fast food commercials would be a health knowledge vacuum for the average person? Not sure I agree, although I don’t watch them so what do I know?

In any case, as I have presented in “There’s No Patch for Social Engineering”, slogans are not miracles and language is just a tool. But if users are open to communication from their IT department, a little wordsmithing and some poetry can go a long way.