Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
O.T. Companies scramble to bolster online security
Jaikumar Vijayan
Sorry if posted.
http://www.computerworld.com.au/index.php/id;849058339;fp;512;fpid;1885393392
08/03/2005 07:25:55
Growing fears of identity theft and e-mail phishing scams, exacerbated by the recent data leaks at ChoicePoint and Bank of America, are pushing companies to adopt new IT security tools in a bid to bolster consumer confidence in online transactions.
The latest example is ETrade Financial's announcement last week that it is offering high-value customers a token-based form of authentication technology that can be used with passwords to provide an additional layer of protection for accessing online accounts.
The move addresses concerns about data security by giving customers a constantly changing password in addition to their static ones, said Joshua Levine, eTrade's chief technology officer.
"We felt that this is really something that our customers needed to make them feel comfortable about doing e-commerce," he said.
Increasingly, companies are being pushed to implement measures to rebuild consumer trust in the face of continued online attacks, said Robert Garigue, chief information security officer at the Bank of Montreal in Toronto.
"There's a lot of pressure to respond," said Garigue. "What we are seeing here is the issue of risk evolving from an internal technical concern to a trust-relationship issue."
In a poll of about 5,600 households conducted in December by Forrester Research, 26 percent of the online consumers said e-mail fraud concerns had stopped them from applying for a financial product, while 14 percent said they had quit accessing accounts or paying bills online. Another 20 percent said they don't open e-mail that looks like it came from their financial institutions because of worries about phishing attacks.
Such consumer angst is forcing companies to consider new identity, usage, service and privacy assurance measures, said Jonathan Penn, author of the Forrester report.
Some have already taken action. Since last fall, America Online has offered its customers two-factor authentication based on token technology from RSA Security. AOL is also offering antivirus, firewall and antispyware tools without charge to subscribers, a spokesman said.
Similarly, to help protect its customers against phishers, eBay is using Austin-based WholeSecurity's Web Caller-ID technology to let users verify the authenticity of a Web site via a downloadable browser plug-in.
The Stanford Federal Credit Union (SFCU) has implemented technology from Passmark Security that proves to customers that they have logged onto the SFCU Web site and not a fraudulent site.
All customers are provided with a secret image and phrase that are displayed during the log-on process and throughout the entire transaction. The images -- unique to each customer -- confirm the authenticity of the site, said Sam Tuohey, chief technology officer SFCU.
U.S. banks and other financial services companies have traditionally been reluctant to implement new security measures for fear of driving customers away, said Avivah Litan, an analyst at Gartner. Cost has been another concern, she added.
But that may change as consumers demand stronger protection from their financial services firms, Litan said.
In an April 2004 Gartner survey of 5,000 U.S. consumers, 60 percent of the respondents said they wanted the option of using additional security mechanisms for online transactions, while 19 percent said they wanted added protection as a condition of doing business with a company.
In light of that, Gartner predicts that by the end of 2007, up to 75 percent of U.S. banks will use an authentication method that's stronger than a simple password. Through the same period, up to 7 percent of U.S. banks and 70 percent worldwide will be mandating the use of hardware tokens for customer authentication, the report predicted.
"This notion of balancing security with convenience is an absolutely valid idea, but it needs to be revisited," Penn said. He added that security "is a much bigger issue now" than it was before.
dude_danny
Microsoft to begin test of security software
By Sam Diaz, Mercury News
1 hour, 10 minutes ago
http://news.yahoo.com/s/sv/20050514/tc_siliconvalley/_www11646917
Microsoft wants to be your computer's doctor. But it will have to fight more than spam and viruses -- it will also have to take on Silicon Valley pioneers who have spent years in the software-security business.
Microsoft announced Friday that it would begin testing OneCare -- a PC-health application expected to reach consumers sometime next year. But the entry of the world's biggest software maker into the security market didn't seem to scare Santa Clara's McAfee or Cupertino's Symantec, makers of already established anti-virus and other security-software programs.
``For people buying security software, it's typically all about trust,'' said McAfee President Gene Hodges. ``Who do they trust to secure their computers and do this on a reliable basis? Microsoft, even though it's a huge, powerful company, is going to have to prove to people that it can build good products and do the job well.''
Microsoft says it is looking at OneCare, its initial security-software product, to do more than just fight off the malicious attacks that have left inboxes flooded with spam and browser windows covered with pop-up ads. Its goal is also preventive: It wants to keep the personal computer healthy with an easy-to-use automated system that takes the guesswork away from the computer user.
``Customers don't differentiate between security issues, maintenance issues and support issues,'' said Dennis Bonsall, Group Program Manager for Microsoft's Technology, Care and Safety group. ``They just want someone to take care of it.''
OneCare, a separately sold subscription-based service, would be a mostly hands-off program that works in the background and sends security updates to users' computer systems without them having to download or install the fixes.
Beginning next week, Microsoft will begin testing the service through usage by its own employees. In the summer, the company will launch an invitation-only beta version for consumers and should launch a widespread consumer test by the end of the year.
Symantec, like McAfee, said in a statement issued Friday that it was ready to compete with Microsoft, noting ``the strength of the relationships we have with tens of millions of consumers around the world.''
But the Microsoft product could be attractive to less tech-savvy users, said Van Baker, an analyst at researcher Gartner.
``Symantec, McAfee and Trend Micro all offer a fairly complex offering and customers don't know what else they need to worry about,'' Baker said. ``Microsoft is simplifying what is right now a mess, and in addition to protecting you, it's also going to make sure that your computer runs well.''
Bloomberg News contributed to this report. Contact Sam Diaz at sdiaz@mercurynews.com or (408) 920-5021.
dude_danny
OknPv: I'm pretty sure Dell will get this fixed before June.
Thanks,
dude_danny
Doma: Regarding the second link...When I click on Wave's ETS, an error page comes on. Do you get this as well?
Thanks,
dude_danny
Awk: Very Interesting...!
Thanks,
dude_danny
"We have very concrete specifications for the 'Longhorn Ready' logo," Gates said, although he declined to detail the specifications. Gates said, however, that "most of the new machines (today) already meet that."
dude_danny
Microsoft Previews Next Windows, Aims to Bridge Gap
http://news.yahoo.com/news?tmpl=story&u=/nm/20050425/tc_nm/tech_microsoft_dc_4
SEATTLE (Reuters) - Microsoft Corp. (Nasdaq:MSFT - news) on Monday showed off features of its next major release of Windows and unveiled an advanced edition of the current generation of its flagship operating system to help fill the gap until the new version launches next year.
Bill Gates, Microsoft's chairman and chief software architect, promised personal computer hardware makers at the Windows Hardware Engineering Conference in Seattle the new version, code-named Longhorn, would offer beefed-up security, richer graphics, better organization and search of information stored on PCs, as well as much faster performance.
"We just gave people a glimpse to show them it's an awfully big deal," Gates said in an interview after his speech.
After delays, the world's largest software maker is facing its longest-ever gap between releases of its Windows operating system, which runs on more than nine out of 10 PCs worldwide. Longhorn's scheduled launch in time for the 2006 holiday season will come five years after Windows XP's debut in late 2001.
Gates reiterated his promise that a preliminary, or beta, version of Longhorn will be available this summer.
In demonstrations of Longhorn, Gates showed a new look of the desktop as well as new ways to organize information.
Semi-transparent windows will allow users to see objects underneath, including moving video, while search results are displayed in real time as queries are typed in.
Gates also showed prototypes of Longhorn-equipped PCs, including a laptop with a small auxiliary screen on the outside that can access information such as contacts, e-mail and other key data without having to flip the machine open and power up.
In the meantime, Gates said a new version of Windows, called "Windows XP Professional x64 Edition," aimed at enterprise customers, will begin shipping next month. They can crunch more information at one time, handling 64 bits of data compared with 32 bits in the previous generation, he said.
That will give it the ability to edit videos, search files and crunch numbers at much faster speeds than the current 32-bit standard.
BRIDGING GAP
Although Gates reaffirmed the delivery schedule for Longhorn, he didn't guarantee it, which could make hardware makers nervous about further delays.
"The date is not the top priority," Gates told Reuters. "Quality is the top priority."
Michael Cherry, an analyst with Directions on Microsoft, an independent researcher based in Kirkland, Washington, said Microsoft and the main manufacturers of the microprocessors that Windows runs on -- Intel Corp. (Nasdaq:INTC - news) and Advanced Micro Devices Inc. (NYSE:AMD - news) -- may already face weaker sales in the run-up to Longhorn's release.
"They're in a dangerous position right now," Cherry said.
To help with the transition and to encourage PC buyers to shop for machines that can provide the computing and graphics power for Longhorn, Microsoft also announced on Monday a "partner logo program."
"We have very concrete specifications for the 'Longhorn Ready' logo," Gates said, although he declined to detail the specifications. Gates said, however, that "most of the new machines (today) already meet that."
While businesses, the main source of Microsoft's revenue, may hold off buying a new PC for a few years, consumers could switch to the longtime thorn in Microsoft's side, Apple Computer Inc. (Nasdaq:AAPL - news)
Apple, based in Cupertino, California, is shipping the latest operating system for its Macintosh PC later this week.
The company describes the software, which it calls "Mac OS X Tiger," as an operating system that already delivers much of the visual and search features that Longhorn promises. Apple also already offers 64-bit PCs with its G5 line of Macintosh computers.
dude_danny
MITRE’s 2005 Technology Symposium
Sorry if posted
http://www.mitre.org/news/events/tech05/summaries-2005.pdf
Pages 101-103 about Enterprise-wide Security with Cryptographic Hardware Assistance
Welcome to MITRE’s 2005 Technology Symposium
This book provides summaries of the projects showcased in this year’s Technology Symposium. The information included here will also be madeavailable on MITRE’s intranet, public server (http://www.mitre.org/news/events/tech05/), and compact disc.
The Technology Symposium promotes discovery and discussion within MITRE and its sponsor community. Each year, it provides a forum for visitors and staff members to hear about the innovative work being conducted within the MITRE Technology Program (MTP), including MITRE
Independent Research and Development (IR&D) MITRE Sponsored
Research (MSR), and Mission Oriented Investigation and Experimentation
(MOIE), as well as research sponsored by the Defense Advanced Research
Projects Agency (DARPA).
The MTP serves as MITRE’s primary mechanism for generating, gathering,
and disseminating relevant technical knowledge throughout the corporation.
The MTP process of exploring technologies that may solve the real-world
needs of our sponsors positions us at the cutting edge of technology. The
knowledge we gain yields direct benefi ts to MITRE, our sponsors, our staff,
and to industry. By learning to leverage the MTP, MITRE staff can better
support the strategic direction of their centers, divisions, and sponsors, and
of the corporation itself.
Please visit the exhibits and talk with the principal investigators to learn
more about the projects described in this book. I hope that you will fi nd the
symposium both informative and enjoyable.
David H. Lehman
Senior Vice President for Information and Technology
Acknowledgments
The research featured in this book is made possible by various funding sources, including
The MITRE Corporation and Mission Oriented Investigation and Experimentation (MOIE)
between the MITRE Corporation and its sponsors, variously, the United States Air Force,
the Army Communications–Electronics Command, the Federal Aviation Administration,
the Internal Revenue Service Internal Research and Development, and the Defense
Advanced Research Projects Agency. The views expressed in this book are those of
the researchers and do not necessarily refl ect the policies or position of The MITRE
Corporation or its sponsors. The following federal regulations apply as appropriate to the
papers presented in this book.
Seeing-Is-Believing: Using Camera Phones for Human-Veriable Authentication. Carnegie Mellon University
Sorry if posted
http://sparrow.ece.cmu.edu/~adrian/projects/sib.pdf
Current mechanisms for authenticating communication
between devices that share no prior context are inconvenient
for ordinary users, without the assistance of
a trusted authority. We present and analyze Seeing-Is-
Believing, a system that utilizes 2D barcodes and cameraphones
to implement a visual channel for authentication
and demonstrative identication of devices. We apply
this visual channel to several problems in computer
security, including authenticated key exchange between
devices that share no prior context, establishment of a
trusted path for conguration of a TCG-compliant computing
platform, and secure device conguration in the
context of a smart home.
This research was supported in part by National Science Foundation
grant number CNS-0433540, U.S. Army Research Ofce contract
number DAAD19-02-1-0389, and by gifts from Bosch and Intel. The views and conclusions contained here are those of the authors and should not be interpreted as necessarily representing the ofcial policies or endorsements,
either express or implied, of ARO, Bosch, Carnegie Mellon
University, Intel, NSF, or the U.S. Government or any of its agencies. devices. Section 5 explains how to use SiB to achieve
demonstrative identication of, and secure connection
to, a particular wireless device, with establishment of a
1The Trusted Computing Group (TCG) is an organization that
promotes open standards to strengthen computing platforms against software-based attacks [2, 3].
dude_danny
O.T. Hearing on Cybersecurity: Getting it Right
Before the Subcommittee on Cybersecurity, Science, Research and Development,
Committee on Homeland Security
United States House of Representatives
July 22nd, 2003
http://66.102.7.104/search?q=cache:6GZYPVpDZc0J:hsc.house.gov/files/testimony%2520Sastry.doc+S.+Shan...
dude_danny
O.T. UC-Berkeley Leads Cybersecurity Consortium
By Michelle Locke
AP
04/12/05 3:05 PM PT
http://www.technewsworld.com/story/security/security-consortium-uc-berkeley-42234.html
Experts from a consortium of colleges will lead a far-reaching effort to keep the nation's computer data safe from cyberattack, the National Science Foundation announced yesterday.
The effort comes after a flurry of security breaches have dramatized the vulnerability of a society that increasingly entrusts its secrets to computers.
Preempting Disaster
The idea is to look at ways to build more secure systems before a disaster along the lines of an "electronic Pearl Harbor," said S. Shankar Sastry, the University of California, Berkeley professor who will be principal investigator and director of the new center.
"If one thinks about the possibilities, they're really quite frightening," he said.
The new center, called TRUST, or the Team for Research in Ubiquitous Secure Technology, is expected to receive nearly US$19 million over five years, with the possibility of a 5-year extension after that.
TRUST is one of two NSF Science and Technology Centers to be funded this year. The second, centered at the University of Kansas, will study how the balance of mass in the polar ice sheets may affect sea level.
Partnering Up
Berkeley will be joined by Carnegie Mellon University, Cornell University, Mills (NYSE: MLS) College, San Jose State University, Smith College, Stanford University and Vanderbilt University.
A number of businesses also will be affiliated with the project, including Microsoft Corp. (Nasdaq: MSFT) , Hewlett Packard Co., IBM Corp. (NYSE: IBM) , Sun Microsystems Inc. (Nasdaq: SUNW) and Symantec Corp. (Nasdaq: SYMC)
TRUST researchers will explore developing technology that will help organizations build secure information systems.
Beyond thwarting cyberthieves, they will also look at ways to keep systems running even when being struck, a concept known as "degrading gracefully under attack," said Sastry, a professor of electrical engineering and computer sciences.
© 2005 AP. All rights reserved.
dude_danny
Re: XBOX 2 info
Hi Barge, Mr. Blight of Voyager Systems seems to aggree with your assessment of XBOX 2's security features. Check out pages 8-14, and page 86.
http://www.blackhat.com/presentations/win-usa-04/bh-win-04-blight/bh-win-04-blight.pdf
Best Regards,
dude_danny
(O.T.) Jay: Right on!
dude_danny
O.T. Microsoft Sues Alleged Identity Thieves
http://news.yahoo.com/news?tmpl=story&ncid=738&e=1&u=/ap/20050331/ap_on_hi_te/microsoft_...
19 minutes ago Technology - AP
REDMOND, Wash. - Microsoft Corp. on Thursday filed 117 federal lawsuits against unnamed defendants, accusing them of a high-tech form of identity theft known as "phishing."
The lawsuits, filed in U.S. District Court for the Western District of Washington, accuses the "John Doe" defendants of using mass e-mail or pop-up ads to coerce consumers into revealing personal information such as bank account information, passwords or social security numbers.
The Redmond-based software company said it filed the lawsuits in hopes of uncovering some of the largest operators.
In phishing scams, the Internet-based communications often purport to be from legitimate organizations, such as banks, and use that perception of a trusted relationship to get people to reveal personal information.
To avoid such identity theft, experts warn that users should be wary of giving out any personal information via e-mail or pop-up ads, especially if someone contacts them unexpectedly. Users also should be wary of clicking on e-mail links, which could divert a user to a malicious site that will then steal personal information.
dude_danny
CM: My Condolences. May God comfort you and your family.
Best Regards,
dude_danny
Niveus Media Center -K2 Edition, Fact sheet( Wavxpress included)
Sorry if posted
http://www.niveusmedia.com/collateral/Factsheet_NMC_K2.pdf
dude_danny
Thanks Waveduke, Eamon: Great Observation!
dude_danny
AIT (Indonesia) primary distributers for Toshiba and Samsung
News about TPMs getting around...
http://www.aneka-infokom.co.id/news/?page=list
http://www.aneka-infokom.co.id/news/?id=95
Tech Info: Trusted Platform Module (TPM)
3/10/2005 4:10:35 PM
Trusted Platform Module, TPM for short, is a secure storage chip for unique Public Key Infrastructure (PKI) key pairs and credentials. In other words, it is the ideal “safety box” where keys of encrypted data can be kept. A small security controller, TPM was developed to conform to industry standard specifications issued by the Trusted Computing Group (TCG) and it provides the standard for Computing Platform Security.
dude_danny
Toshiba EasyGuard - carefree mobile computing
Sorry if posted
http://www.aneka-infokom.co.id/news_story/Toshiba_EasyGuard_Matrix.pdf
dude_danny
Controversial Report Finds Windows More Secure Than Linux
Researchers found Windows had fewer holes and patches came out faster. But Linux advocates say that the report makes unfair comparisons and that the researchers have Microsoft ties.
By Michael Cohn
March 14, 2005
http://nwc.serverpipeline.com/showArticle.jhtml?articleID=159900325
Great Find Snackman!
I do agree with you with Wave's progress. Onward and UPward!
Best Regards,
dude_danny
Doma Great Find!
You the Man!
dude_danny
O.T. Trusted Computer Solutions Gains $21.7 Million
Contract with Air Force Research Labs
http://www.tcs-sec.com/news/6news6_1_1u.htm
TCS Product to Help Bolster Intelligence-Sharing throughout Department of Defense
HERNDON, Va., Mar. 09, 2005 – Trusted Computer Solutions, Inc. (TCS), a leading supplier of secure information sharing technologies to the Department of Defense, the intelligence community and commercial industry, today announced it has been awarded a multiple-year contract with the Air Force Research Lab (AFRL)/IFKO for $21.7 million.
Under the GSA Blanket Purchase Agreement, the Air Force will purchase TCS SecureOffice® Trusted Workstation™, which will be the primary application-level component of the Department of Defense Intelligence Information System (DoDIIS) Trusted Workstation (DTW). The agreement is valued at $21.7 million with a base period of three years.
DTW improves cross-domain file transfer by enabling intelligence analysts to view and share vital data across multiple classified networks from a single desktop. DTW addresses the demand for strengthening terrorism information sharing to protect Americans by offering enhanced interoperability and increased network security among government agencies.
“This system addresses the country’s need to better our war-fighting ability through enhanced data-sharing among agencies,” said Edward Hammersla, chief operating officer at TCS. “This contract to deploy the DTW technology will not only help protect our nation against potential threats, but also reduces the cost of government business and improves productivity and efficiency.”
TCS applications solve secure information sharing problems at the lowest cost and on a rapid deployment timeline. SecureOffice Trusted Workstation has been in operation and accredited since 1996.
About Trusted Computer Solutions, Inc.
Founded in 1994, Trusted Computer Solutions (TCS) is an industry leader in cyber security and information sharing software products. TCS products and services offer a simple solution that enables government and commercial organizations to securely share information while protecting vital information assets. The company’s SecureOffice® products are installed and in operational use around the world today protecting our nation’s most sensitive digital information. Tested and assessed by the National Security Agency and accredited by the Defense Intelligence Agency for operational use, TCS products adhere to the most stringent security standards in the world. TCS is headquartered in Herndon, Va., with offices in Urbana, Ill. and San Antonio. For more information, visit www.TrustedCS.com.
dude_danny
CM: Great Find!
Thanks and by the way, you are not off focus IMO.
dude_danny
Wireless Computing - Can It Be Done Securely?
Secure Wireless Schools?
School District 43 (Coquitlam)
Brian Kuhn, Manager of Information Services
Heritage Woods Secondary
2005 Privacy & Security Conference
Another opportunity for Wave?
http://www.mser.gov.bc.ca/privacyaccess/Conferences/Feb2005/ConfPresentations/Brian_Kuhn.pdf
dude_danny
INFORMATION SECURITY
Strong Authentication - Broadening Market Attracts Competitors
Sameet Sinha, Research Analyst, America's Growth Capitol
Sorry if posted
http://www.ncipher.com/investors/documents/AmericasGrowthCapitalJan2005_000.pdf
Executive Summary:
This White Paper focuses on strong authentication technologies and vendors. With
it, we initiate coverage of Vasco, a pure-play authentication solutions provider and
launch monitor mode coverage of ActivCard, Aladdin and Secure Computing. We
further frame existing coverage, particularly, RSA, Entrust and Tumbleweed. This
marks the fourth in a series of White Papers exploring enterprise security. The
series began with "The Next Generation Landscape", published Jan 13, 2004,
"Authenticated Email Primer" published April 8, 2004 and "Follow That Cert"
published June 17, 2004.
Related Companies
Hopefully, Wave will be included in the near future...
dude_danny
National Semiconductor Trusted Platform Module (TPM) driver - ThinkCentre A51, A51p, M51, S51
Sorry if posted
http://www-1.ibm.com/cgi-bin/pc/support/supportR5lite/pagegen/qtechinfo/en_US/MIGR-58254.html?lang=d...
dude_danny
WHITE PAPER: Validation of Hardware Security in PC Clients, Sponsored by: IBM and Microsoft
Sorry if posted
http://www.pc.ibm.com/us/pdf/idc_compliance_whitepaper.pdf
dude_danny
Stefan Bechtold's Trusted Computing Blog
http://cyberlaw.stanford.edu/blogs/bechtold/tcblog.shtml
dude_danny
Trusted Computing: Whom do we trust? :Stanford Law School Center for Internet and Society
http://cyberlaw.stanford.edu/events/archives/stefan_bechtold_2005.shtml
Stefan Bechtold (2005)
Monday March 28, 2005
12:30 – 1:30 p.m.
Room 271
Free and Open to all!
Lunch Served
Trusted computing architectures attempt to increase trust in networked computing environments. Since a few years, interest in research and implementation of trusted computing technologies has risen considerably. Initiatives such as the Trusted Computing Group, Microsoft’s Next Generation Secure Computing Base and Intel’s LaGrande could alter the IT infrastructure landscape as we currently know it in considerable ways. This talk describes the fundamental technological concepts on which trusted computing is based and presents an overview of their legal and policy implications. In particular, the talk focuses on the relationship between trusted computing and competition policy, open source software, patent licensing, privacy and copyright law. Furthermore, the talk investigates the value decisions that must be made when designing the infrastructure that surrounds any trusted computing architecture. On a more philosophical level, the talk looks at different approaches to establish trust in networked computing environments as an answer to the increasing complexity of computer networks.
Stefan Bechtold graduated from the University of Tuebingen Law School,
Germany, in 1999. From 1997 to 2004, he was a research assistant to
Professor Wernhard Moeschel at the University of Tuebingen Law School. In
1999 and 2000, he was a Visiting Scholar at the University of California at
Berkeley School of Law. In 2001, he received a Dr. iur. (legal Ph.D.) from
the University of Tuebingen Law School. Supported by a Fulbright
scholarship, he received a master’s degree (J.S.M.) from Stanford Law School
in 2002. Since 2002, he is a Fellow at the Center for Internet and Society
at Stanford Law School where he maintains a Trusted Computing Blog. From
2002 to 2004, he was a law clerk (“Referendar”) at the regional court
(“Landgericht”) of Tuebingen, which is a mandatory part of German legal
education. As part of this training, he spent a three-month internship at a
telecommunications law unit of the European Commission’s Directorate General
Information Society in summer 2004. In 2004, he was appointed to the expert
committee on copyright and publishing law of the “Deutsche Vereinigung fuer
gewerblichen Rechtsschutz und Urheberrecht e.V. (GRUR)” (German professional
association for intellectual property law). Since January 2005, he is a
Senior Research Fellow at the Max Planck Institute for Research on
Collective Goods in Bonn, Germany, where he is writing his “Habilitation”
(post-doctoral thesis). More information can be found at his website.
dude_danny
"Putting Trust Into Computing:Where Does it Fit?"
RSA Security Conference by TCG on Feb 14, 2005
Sorry if posted.
https://www.trustedcomputinggroup.org/downloads/Putting_Trust_Into_Computing_Where_Does_It_Fit_021405.pdf
Security Solutions Using TCG Technology
George Kastrinakis
Wave Systems Corp.
February 14, 2005
(Slides 68-79)
Uses of TCG Technology in Applications
William Whyte
NTRU Cryptosystems (Slides 81-99)
dude_danny
My deepest condolences...May God comfort the Yayas, family, and friends
dude_danny
Advanced Systems Security Advanced Systems Security
(Spring 2005) Spring 2005)at Penn State
Lecture 6 - Trusted Computing
More education...leading to more application...IMO
http://www.cse.psu.edu/~cg597a/slides/cse597a-lec-6-tcpa.pdf
dude_danny
Thanks CM...
dude_danny
CM: thought you would be interested...
Best Regards,
dude_danny
“Establishing a Trusted Computing Base for Software Defined Radio”
http://www.jhuisi.jhu.edu/institute/events/Rhill-Sem02-11-2005.pdf
FRIDAY, FEBRUARY 11, 2005 by
Raquel Hill, Ph.D.
Department of Computer Science and the National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign
ABSTRACT
Software Defined Radio (SDR) is a rapidly evolving technology that is receiving enormous recognition and
generating widespread interest. SDR technology implements radio functionality such as modulation/demodulation,
signal generation, coding and link-layer protocols in software Implementing such functionality in software creates
highly flexible handsets that can be reconfigured to upgrade and adapt equipment to user preferences and regional
regulations. Reconfigurability enables the use of the same equipment in different regions as well as the fast
introduction of new services into mobile networks without requiring the purchase of new terminals. While the
benefits of reconfigurable radios are enormous, the ability to reconfigure radio functionality with software may lead
to serious radio security problems such as unauthorized use of application and network services, unauthorized
modification of software and malfunctioning radio equipment. For example, to illustrate the latter, software can be
introduced into a device that changes its radio frequency (RF) operating characteristics so that it is no longer
functions within the regulated constraints (e.g. frequency, power, modulation). Such changes in RF parameters
may be used to launch denial of service (DoS) attacks on the hardware or entire wireless network.
Current techniques for ensuring that a radio is functioning within authorized parameters are not applicable for SDR
equipment because RF parameters that were once fixed in hardware may now be reconfigured during regular
operation. Users and service providers who once trusted the function of hardware are now required to trust that
software provides the correct functionality , software components have been configured properly, SDR devices are
running the appropriate software and that the hard caused by malicious or buggy software can be managed and
limited.
Dr. Hill will present a framework for establishing a trusted computing base for SDR. This framework uses both
software and behavioral attestations to prove that the SDR device is running the appropriate code and that the code
is functioning properly. The framework uses software attestations to establish trust between an SDR device and a
service provider or between SDR devices that are communicating in an ad-hoc manner. Both software and
behavioral attestations are used to establish a failsafe mechanism for SDR devices that are improperly configured or
running malfunctioning software.
B
IOGRAPHICAL INFORMATION
Raquel Hill earned B.S. and M.S. degrees in Computer Science from the Georgia Institute of Technology in 1991
and 1993 respectively. From 1993 to 1996, she was a Member of Scientific Staff and Nortel Networks in RTP,
North Carolina. In November 2002, she received a Ph.D. in Computer Science from Harvard University. After
receiving the Ph.D., she was a Lecturer in the School of Electrical and Computer Engineering at Georgia Tech from
November 2002 to August 2003. Her research interests include security for wired and wireless infrastructures,
resource allocation protocols, and security requirements and policies.
Free and open to the public.
*Light refreshments will be served.
dude_danny
British Computer Society (BCS), 15th January 2005
Check out pages 7 and 8... interesting stuff...
http://www.bcs.org/NR/rdonlyres/4D045066-6491-4AD0-BFED-1B86A9D73D8E/0/BCS_ECEISS_Submission2.pdf
"The British Computer Society is the United Kingdom’s leading professional
body for the IT industry. With over 45,000 members, the BCS is the
Professional and Learned Society in the field of computers and information
systems.
The BCS is responsible for setting standards for the IT profession. It is also
leading the change in the public perception and appreciation of the economic
and social importance of professionally managed IT projects and
programmes. In this capacity, the Society advises, informs and persuades
industry and government on successful IT implementation."
Trust & dependability
o Research on dependability of integrated human-machine systems in which
multiple layers of technology / service platforms must co-ordinate to deliver
services
o Development of effective frameworks for individuals to manage boundaries
between private & publicly available personal data held by others or held on
personal information devices.
o Development of simpler ways for individual users to manage privacy & security
of systems. Home broadband already presents a significant network security
problem as home users do not have the skills (or inclination) to maintain
security, resulting in virus propogation.
dude_danny
Awk: ARM/KOREA
http://www.asic.net/notice/filedata/Session2.pdf
dude_danny
2005 information safely march into " the trust " the time
CHINESE article...they are coming on the trusted computing bandwagon...
http://translate.google.com/translate?hl=en&sl=zh-CN&u=http://www.ccw.com.cn/netprod/qz/htm2...
dude_danny
oknpv: totally concur...it's good to see that we are moving up...we may reach 10 by the end of this year...LOL
Best regards,
dude_danny