HP unveils new PCs in massive product roll-out
http://news.cnet.com/8301-10784_3-9964073-7.html
It may be sitting pretty atop the PC market, but Hewlett-Packard isn't going to sit still.
The world's largest PC manufacturer plans to roll out 50 new products Tuesday at a conference in Berlin, the largest such product refresh in the Personal Systems Group's history. Of those products, HP added new touches to just about everything, freshening up its Touchsmart all-in-one desktop, commercial and consumer notebook lines, as well as two machines within its high-end gaming brand, Voodoo PC.
While it's that time of year for product refreshes, this is more than the usual speed bump or spec tweak. Though competitors like Dell, Acer, and Lenovo are increasingly focusing on consumer retail PCs, HP is showing that it doesn't want to give up any of the ground it's gained over the last couple quarters.
"They're fortunate for being in right place at right time: being in consumer, and being in retail," said Richard Shim, PC analyst with IDC. "They're showing they're not taking that for granted, and keeping consumers engaged in the products."
It's a tough task when most PCs are made by the same manufacturers with products from shared suppliers. That's where HP hopes its new and improved TouchSmart PC comes in.
It's slimmed down in size--far more minimalist in design concept--and price compared with the original model, but the key is really the improved touchscreen interface. Exterior design used to be a way to stand out, but with a category in decline like desktops, a unique software experience could be an attention-getter.
Offering an experience that you can't get from a Windows-based Dell, or even an Apple iMac, is complicated, said Shim. "That really separates the major players from the minor players, since only the big guys can afford to do this kind of thing. HP is taking advantage of its position in the market."
The new HP-only interface is also a kind of "end-run" around Microsoft's Windows we'll be seeing more often, said Ross Rubin, director of industry analysis for The NPD Group.
It's already happening in the mininotebook category, where instead of being limited to one option for an operating system, PC vendors are offering different flavors of Linux, as well as alternate interfaces that sit on top of Windows.
Design continues to be a priority for HP, as evidenced by the new products, from the high-end to the refreshed line of consumer notebooks, to the new brushed aluminum finish for its commercial Elite line.
But it's the Voodoo brand where HP is most able to experiment with new looks.
Last week, Rahul Sood, Voodoo PC's founder and current CTO of HP's global gaming business, released photos of him cutting his birthday cake with the famously thin MacBook Air. In the accompanying blog, Sood slyly remarked that he "wouldn't be needing this notebook for long anyways."
That's because HP's got its own razor-thin notebook now, called the Voodoo Envy 133. Though the price (starts at $2,099) puts the machine out of reach for most mainstream PC buyers, the ultrathin and light Envy is HP's attempt to position the Voodoo brand name in the same arena as Apple and Lenovo. For now Voodoo still has limited awareness outside the gaming and performance PC enthusiast crowds. As with the Blackbird 002 gaming desktop, the Envy will tie HP's recognizable brand to up-and-coming Voodoo.
The other Voodoo product released Tuesday is a departure for the brand in another way. A new gaming tower, the Voodoo Omen, is unlike anything HP has released before, and has no real counterpart in terms of design in the gaming world. The Omen is stark and simple on the outside, with a brushed aluminum tower with the Voodoo logo on the face replacing colorful plastic. It's nearly the exact opposite of last year's Blackbird, or Acer's recent foray into the market.
Despite all this, there are still big challenges for HP ahead as it attempts to differentiate its products from the rest of the field and offer a wide array of products. Not only is it trying to take on Apple in terms of design and innovation, but it's still doing battle with an old, but suddenly resurgent foe, Dell. Plus, Acer is selling notebooks like hotcakes, and even Asus is trying to push its way into the consciousness of the mainstream PC buyer.
So despite the progress the company has made, HP can't get comfortable.
"The challenge for them, is that other guys will do same thing," observed Shim of IDC. "The difficulty for HP is to integrate new technology and new innovation and still remain price competitive."
2000 share trade pre-mkt @ $1.29 e/
oclv99... just got a text from internet...
sks is still giving his formal speech. No news yet.
Barge: Apple Introduces 3G IPhone >AAPL
By Ben Charny
Of DOW JONES NEWSWIRES
SAN FRANCISCO (Dow Jones)--Apple Inc. (AAPL) on Monday introduced its
long-awaited 3G iPhone for $200, which will be available starting Wednesday,
and outlined its new iPhone software store, in moves demonstrating how central
Apple's iPhone is to the computer maker's future.
The new iPhone was the most eagerly anticipated of the developments Apple
Chief Executive Steve Jobs revealed Monday during an address to a gathering of
Apple developers. The new version is also slightly thinner than the older
model and contains a global positioning service. Apple intends to sell the
device in 70 countries over the next few months.
Apple also unveiled another 3G iPhone, which costs $300, but has double the
memory of the $200 version.
The 3G iPhone is considered key for Apple to gain share in Asian and
European nations where wireless networks that deliver Internet access at wired
broadband speeds are much more in demand. The new device, in tandem with the
new iPhone software sales that Jobs also introduced Monday, is also expected
to drive more business from enterprises, an area Apple has been historically
weak in, and thus potentially help Apple take some share away from BlackBerry
smartphone maker Research In Motion Ltd. (RIMM) and No. 1 handset maker Nokia
Corp. (NOK).
So far, there have been 6 million iPhones sold, Jobs said.
-By Ben Charny, Dow Jones Newswires; 415-765-8230; ben.charny@dowjones.com
Hard disk makers aim for speed bump
http://www.techcentral.ie/article.aspx?id=12181
Seagate and Western Digital line up new drives
Computers & Peripherals | 09 Jun 2008 :
Hard disk manufacturers Seagate and Western Digital have introduced new drives aimed at increasing performance and capacity for enterprise servers, storage and netbooks.
Seagate is to introduce a new member of its Savvio family of hard disks later this year. The Savvio 10K.3 hard drive is a small form factor, 10,000rpm, 2.5-inch device with a capacity of 300GB targeted at enterprise storage and servers. Seagate said it offers 70 per cent lower power and a 60 per cent input/output operations per second (IOPS) performance increase, compared to traditional 3.5-inch drives.
The self-encrypting Savvio 10K.3 also comes with government-grade Full Disk Encryption (FDE). Seagate claimed an estimated mean time between failures (MTBF) of 1.6 million hours for the new drive.
Seagate is also integrating its PowerTrim technology into Savvio drives, which manages drive power consumption during idle activity and should help IT managers save power in energy-constrained datacentres.
The Savvio 10k.3 also boasts a data transfer rate of 6GB/s, thanks to its inclusion of the new serial attached SCSI (SAS) 2.0 specification. This contains extra signal and data integrity features designed to tempt enterprise users away from older Ultra320 SCSI technology - which uses a parallel rather than a serial interface.
SAS vendors also point to improved reliability and fault detection with SAS drives, as well as their ability to operate with lower performance serial ATA (SATA) drives. Mixing SAS and SATA drives allows firms to create tiered storage architectures combining higher performance SAS drives for accessing frequently required content, and SATA drives for content required less frequently.
The Savvio 10K.3 is planned for general availability in the second half of 2008.
Meanwhile, Western Digital is to introduce a new range of hard drives, aiming to boost the performance of notebooks and personal storage devices.
Its new family of 7,200 rpm, 2.5-inch SATA hard drives, the Scorpio Black, will offer 320GB storage capacity while consuming less power, WD claimed.
Scorpio Black drives have a data transfer of 3GB/s and a 16MB cache for data buffering, as well as benefiting from other WD trademark features, such as IntelliSeek for calculating optimum seek speeds to achieve lower power consumption, vibration and noise. Other WD trademark features include SecurePark for improving long term reliability by 'parking' the read/write heads off the disk surface when the disk spins up or down during data access.
For drive protection, WD has included ShockGuard and a built in free-fall sensor, which detects if the drive is dropped during use; it can park the disk read/write heads off the disk surface to reduce damage in less than 200ms.
Securing the new network
http://searchnetworking.techtarget.com.au/articles/24906-Securing-the-new-network
In years past, companies relied on network edge security to establish a perimeter separating trusted insiders from everyone else. However, the distributed and dynamic nature of modern networks, combined with targeted threats against applications and data, is changing that focus. Today, network security is more about controlling individual user access to services and data, and auditing their behavior to ensure compliance with policies and regulations.
For example, when IDC surveyed enterprises about pressing security challenges for 2007, growing attack sophistication, lack of employee adherence to security policy, and increasing complexity of security solutions and network traffic were top concerns. Moreover, the larger the enterprise, the greater the risk posed by internal sources. Insider abuse of network access and email surpassed virus infection as the most reported incident in this year's Computer Security Institute Computer Crime and Security Survey.
In short, today's threat landscape has fundamentally altered what constitutes an effective defense or timely response. Businesses must inspect not only network protocols but the valuable and sensitive information those messages carry. Stopping insider misuse and abuse requires more granular measures like endpoint security, identity-based network access controls and network behavior analysis. Best practices developed for perimeter security still apply, but they must now be deployed more pervasively and become an integral part of the network itself.
Unified threat management
Most purpose-built perimeter firewalls have now morphed into multi-function unified threat management (UTM) appliances. These malleable all-in-one network security platforms can deliver firewall, intrusion prevention and antivirus services from a single, integrated box. Many can also provide further security services, from anti-spyware and VPN capabilities to spam and Web filtering.
UTM is not a product but a contemporary approach to battle sophisticated network-borne threats with fewer moving parts. For many businesses, the question is not whether to apply UTM, but when, where and how to consolidate security services. Successful UTM deployment requires careful planning. Start by considering where security services could be consolidated throughout your network, and the benefits and impacts of doing so.
Where consolidating everything on one platform is impractical, plan to distribute security services across multiple UTM appliances or UTM chassis blades. Apply UTM at internal trust boundaries in a layered defense to distribute workload and enforce policies with increasing granularity. For example, coarse network/intrusion prevention filters might be applied at the outer perimeter, backed by detailed email inspection as messages enter a server pool.
Finally, although UTM may lead to retirement of older systems, it does not require displacement of best-of-breed solutions that are meeting business needs. The more granular the corporate policy is, the more likely it is that at least some best-of-breed depth will be required to complement UTM breadth.
Application firewalls
As network firewalls grew robust, attackers adjusted their tactics. Today's most dangerous threats are aimed at specific application protocol vulnerabilities, coding flaws and configuration errors. According to CSI, one in five companies even experiences attacks that target specific groups or individuals. Application firewalls can help defeat these more tightly focused attacks.
Many UTM firewalls use "deep" packet inspection and/or proxy techniques to examine message content for malicious URLs, viruses and spyware, but they are still general-purpose devices. On the other hand, an application firewall is a highly specialized system designed to protect and defend a single business application.
For example, Web application firewalls examine HTTP/HTTPS/SOAP/XML requests and responses, looking for attacks against Web servers and their applications. VoIP application firewalls filter and proxy SIP/SIPS/RTCP/RTP streams, mapping calls to registered users and defending call managers and PBXs from VoIP hacks.
Application firewalls do not replace UTM firewalls; they are deployed behind established trust boundaries, complementing broader defenses with a more detailed layer of security. Application firewalls can be helpful wherever network defenses do not sufficiently protect high-value, high-threat, mission-critical applications.
SSL VPNs
In a perimeter defense, virtual private networks (VPNs) can securely connect branch offices and trusted laptops to corporate networks -- in effect, treating them as trusted insiders. But B2B partnerships and mobile workforces have blurred those trust boundaries. For employees using home PCs and suppliers that deserve limited access, those old remote-access VPN clients are insufficient and impractical.
According to Forrester Research, Secure Sockets Layer (SSL)-based VPNs have become the technology of choice for remote access, used by 44% of North American enterprises. Why? SSL VPNs leverage Web browsers to avoid client software installation. By using embedded browser capabilities to authenticate, encrypt and verify traffic, SSL VPNs can deliver secure access with less hassle.
Early SSL VPNs were limited to applications with browser-based interfaces. Today's SSL VPNs offer multiple access methods, ranging from Web portals to bi-directional network tunnels. Common applications like webmail and file access can be reached through any browser, but many other applications require client-side processing. To accomplish that, an ActiveX or Java agent is pushed to the browser at connect time and "dissolves" at logoff. But more challenging applications (e.g., VoIP) require permanently installed SSL VPN agents.
Using SSL VPNs, businesses can extend at least basic access to unmanaged devices, such as home PCs, public kiosks and consultant laptops. Because those endpoints could be unprotected or compromised, however, most SSL VPNs offer two further capabilities:
Endpoint scans: SSL VPNs may use dissolvable agents to examine device state, such as determining whether antivirus software is current and running.
Granular controls: Based on scan results and authenticated user identity, SSL VPNs can restrict users to specific authorized resources and actions.
For example, when Sue logs in from a business center PC, she might have read-only access to her mailbox and nothing more. In addition to limiting access, the SSL VPN would stop Sue from leaving behind cookies or temp files. But when connecting from her company laptop, she can write to databases and save files to her encrypted laptop.
Endpoint security
Devices used for remote access are not the only endpoints that can and should be protected. Antivirus became standard issue on corporate desktops and laptops long ago. As Internet connectivity grew, host-resident (personal) firewalls became popular enough to be included in operating systems.
Today, those measures are just a starting point. To stop more diverse and hostile threats, desktop security vendors have assembled advanced defenses into endpoint security suites. Like UTM, these tightly integrated bundles combine firewall, antivirus, anti-spyware, anti-spam and intrusion prevention services. Unlike UTM, endpoint security suites are programs that run on each host. Enterprise-class endpoint security suites go further by using an IT server to centrally install and maintain those clients.
Why should companies apply such defenses within the network and at the desktop? UTM stops malware before it spreads, reducing bandwidth consumption and cleanup cost. Endpoint security hardens desktops against insider attack and protects mobile laptops connected to public networks. Many endpoint security suites go beyond network threats -- for example, identity theft protection on home PCs or black-listing risky applications on corporate endpoints. Together, UTM and endpoint security are more effective than either could be alone.
Network access control
Endpoint security is effective only when enforced. Without IT oversight, users fail to keep up with software patches and signature updates. When defenses impede usability, workers disable or reconfigure them. Even endpoint security software can be corrupted, accidentally or intentionally, and stealthy rootkits can mask symptoms.
Network access control (NAC) has emerged as a promising approach to enforce endpoint security and deliver appropriate access to each user. NAC takes a page from the SSL VPN playbook by treating everyone -- on-site contractors, Wi-Fi visitors, off-site employees -- as potentially untrustworthy and unsafe. NAC authorizes resource access based on the combination of authenticated user identity, endpoint security state, and policy. NAC makes and enforces access decisions at network connect time and/or by periodic reassessment thereafter.
The potential benefits of NAC are many. Laptops that leave the enterprise and return infected can be quarantined for remediation. Visitors with "clean machines" can be given Internet-only access. Not only can policy be enforced on managed endpoints, but NAC can help document compliance for all network usage.
NAC is being promoted as the model to which enterprises should aspire, but few have attempted full-blown implementation. Some companies are waiting for a winner to emerge from the chief contenders: Cisco's Network Admission Control, Microsoft's Network Access Protection, and the Trusted Computing Group's Trusted Network Connect. Others have been put off by the network upgrades and endpoint agents needed to enforce access decisions. Some have deployed NAC appliances -- tactical overlay devices that scan endpoints and control what users can reach without relying on (or cooperating with) network infrastructure or endpoint security servers.
Many analysts believe that NAC will become an accepted best practice. Others find NAC architectures overly complex and believe that NAC appliances suffice. Still others argue that endpoint software, rather than the network, should enforce access decisions. Only time will tell which approach will prevail. All seem to agree, however, that network access must be more tightly controlled, reflecting identity and endpoint state.
Network security monitoring
Controlling network access is half the battle -- the rest is keeping a watchful eye on any threat or high-risk traffic that slips past those defenses or originates inside the network.
Network intrusion detection systems (IDS) complement perimeter firewalls by passively observing traffic and alerting administrators to attacks. IDS have largely given way to intrusion prevention systems (IPS) -- active systems that not only detect, but prevent, intrusions. UTM appliances are one way to deploy IPS; best-of-breed IPS systems are another. IPS can also be applied to wireless environments using either embedded wireless LAN controller capabilities or by deploying overlay wireless IPS servers and sensors.
Intrusion prevention compares monitored traffic to signatures and protocol rules. When violations are spotted, IPS can take policy-based action to break the connection or quarantine the source. However, IPS focuses on traffic at trust boundaries: behind the firewall, or behind the VPN concentrator, at the point where wireless hosts connect.
Today, companies must also be concerned about activity inside the network, between systems within the same trust groups. Atypical interaction between servers and hosts can be evidence of attack, even when permissible protocols are used. To address this, a new class of security product has emerged: network behavior analysis (NBA). This uses flow observation to spot traffic spikes, unexpected activity and policy violations. NBA can profile relationships, flag anomalies, and spot zero-day attacks for which IPS signatures and endpoint security patches have not yet been deployed.
Finally, in large networks, security has grown so complex that administrators can no longer effectively analyze logs and alerts and flow records without assistance. Security information management (SIM) products can gather, aggregate and correlate security data from network devices, application servers, databases, firewalls, VPN concentrators, NAC appliances, endpoint security servers, and so on. Like NBA, SIM is a relatively new field that larger enterprises should watch.
Why have UTM appliances grown so popular, so quickly?
According to IDC, UTM is the fastest growing segment of the security appliance market. Worldwide sales are projected to exceed $3 billion by 2009. Here's why:
Network-borne threats now blend attack techniques to evade legacy defenses. For example, spyware -- especially Trojans and rootkits -- is dangerous and hard to remove. Most is delivered by unwanted email or malicious websites. Once implanted, it "phones home" over back-channels that pass through lax perimeter firewalls. Network-based IPS, antivirus, anti-spam, and Web filtering can stop spyware before it reaches the desktop.
Smaller businesses are easily overwhelmed by the cost and complexity of deploying multiple independent best-of-breed security systems. Larger enterprises are better able to manage those systems, but adding a new cluster to address every new threat adds network latency, reduces reliability, and increases capital and operating expense. UTM makes it possible to combine security services in ways that make the most sense for each business and location.
About the author:
Lisa A. Phifer is Vice President of Core Competence.
Trusted Computing Group draws new member
Lumeta joins Trusted Computing Group
Trusted Computing Group's work for security devices to share the data they collect is drawing more members to the standards group.
Lumeta, which makes a network-discovery appliance called IPsonar, says it is joining TCG so it can participate in use of a new standard that facilitates such sharing.
TCG has launched an effort to promote a protocol it calls IF-MAP, which stands for interface for meta-data access point. The protocol is intended to be spoken between security devices on networks and a MAP that receives and posts the data.
The posted data can then be picked up by IF-MAP compliant devices that can make use of this data that they would otherwise have no access to. So a change-management platform might flag a configuration deficit on a device and a security management device reviewing that alert might recognize that shortcoming as a violation of security policy.
The result could be fixing a vulnerability before it can be exploited, whereas the vulnerability might not have been detected in the absence of presenting the deficit to a metadata store.
Correction of the vulnerability could also make use of the meta data store. Another device such as a firewall could change policies to protect the vulnerable device before the vulnerability is exploited, for example.
Lumeta is the first vendor to announce that it has joined TCG specifically to support IF-MAP, which was introduced in April.
So far TCG hasn’t announced anyone actually using IF-MAP in the field, but stay tuned for more on that.
Hey barge!!
http://www.pcmag-mideast.com/NewsDetail.aspx?ID=1266
Gigabyte Wins Best Choice 2008 in Computex
Gigabyte United Inc., announced its GA-EP45-DQ6 and GA-EP45-DS5 motherboards have both won a "Best Choice of Computex Taipei 2008 Award", an award recognized and given by an evaluation committee comprised of experts from the industry, academia, media, and government.
In the motherboard category, Gigabyte's GA-EP45-DQ6 beat out the competition and was awarded top prize. Designed for enthusiasts with extreme performance in mind, the Gigabyte flagship motherboard GA-EP45-DQ6 features several unique GIGABYTE innovations including Ultra Durable 2 with high quality component design and Dynamic Energy Saver Advanced Technology, delivering unmatched energy efficiency through multi-gear phase power switching. The GA-EP45-DQ6 also features Gigabyte's Ultra TPM with onboard Trusted Platform Module (TPM) data security, providing hardware-based encryption and decryption with digital signature keys to ensure a maximum level of data protection with 2048 bit encryption. Based on the newest Intel P45 chipset plus support for the latest multi-core processors up to FSB 1600MHz, including the Intel 45nm processors, the GA-EP45-DQ6 is CrossFireX enabled with dual PCI-E 2.0 x8 connectivity, features 7.1 channel surround sound support for real-life audio quality and 4 Gigabit LAN port functionality.
In this year's new Green IT category, Gigabyte's GA-EP45-DS5 also took top honors. Also based on Intel's P45 chipset, the GA-EP45-DS5 features Gigabyte's revolutionary Dynamic Energy Saver Advanced technology, providing unparalleled power savings with the simple click of a button. Featuring an advanced proprietary hardware and software design, GIGABYTE Dynamic Energy Saver Advanced is able to provide exceptional power savings of up to 70% and up to 20% improved power efficiency without sacrificing computing performance.
Waverider, can you imagine
a billion X $50???? lol !!
Input: Federal IT spending growth near historic low
http://www.washingtontechnology.com/cgi-bin/udt/im.display.printable?client.id=washingtontechnology_daily&story.id=32906
06/03/08 -- 10:16 AM
By David Hubler
A number of factors are converging to create a federal information technology spending environment described by the market research firm Input as tempered momentum.
In its new five-year federal IT market forecast, the firm said the current economic downturn, increasing Congressional scrutiny of budgets and performance, effect of war funding on overall discretionary spending and uncertainty about the next administration have all contributed to the situation.
Those factors combined will slow the growth of federal IT contract spending to 4.1 percent annually, from $71.9 billion in 2008 to $87.8 billion by 2013, the analysis firm said.
“After a sustained period of relatively unbridled increases in federal IT expenditures, the market has entered a period fettered with uncertainty and complexity that has slowed the growth in IT spending to near historical lows,” the report said.
Information sharing, the need for better IT management techniques and relatively flat employment levels are major drivers affecting federal IT spending. For cost savings, agencies will move forward with IT infrastructure optimization and virtualization in addition to consolidation, Input said.
“Although the anticipated growth rates are below the historical average, government’s increasing reliance on technology sustains momentum in IT spending, especially as it relates to increasing efficiency and reducing operational costs,” said Richard Colven, vice president of industry analysis at Input.
“The spending environment may seem gloomy, but in light of fiscal and economic conditions, IT spending growth remains healthy,” added principal analyst John Slye.
“The government’s ability to face its challenges in the coming years will hinge on its ability to develop, manage, share and secure a solid technology environment,” Slye said. “We expect federal agencies will be paying a lot of attention to their technology, even if only to figure out how to drive costs out of steady-state operations to free up funding for new work.”
The report analyzed trends in the federal IT market using the fiscal 2009 IT budget request recently released by the Office of Management and Budget.
Input’s annual assessments of the federal market for IT products and services includes spending by organizations in the three branches of government, quasi-government agencies and the intelligence community.
Let's hope they're all FDEs !!!!!
Seagate to ship 1 billion hard drives in 5 years
3 Jun, 2008, 1907 hrs IST, PTI
http://economictimes.indiatimes.com/Infotech/Software/Seagate_to_ship_1_bn_hard_drives_in_5_years/articleshow/3096936.cms
Seagate Technology on Tuesday said it plans to ship one billion hard drives globally in the next five years.
Seagate claims to be the first hard drive manufacturer worldwide to have shipped one billion hard drives to date.
"Although it took 29 years for us to reach the 1 billion milestone, the company will ship its next billion in less than five years," Seagate Managing Director (Asia-Pacific) Ban Seng said.
Seagate touches the billionth mark as the demand for hard drive shipments continues to increase.
According to Gartner Group, last year alone over 500 million drives were shipped, compared to 1990, when slightly less than 30 million were shipped. The company is also betting big on the home users. The digital content explosion creates a huge demand for storage, he added.
Analysts estimate that there are over 1 billion digital still and phone cameras in the world and that those devices accounted for 250 billion created images in 2006. It is predicted that user-generated content sites (like Flickr and YouTube) would produce 65 billion downloads and views by 2010.
"Digital content proliferation is a long-term phenomenon," according to John Rydning, IDC's Research Director for hard drives. "This phenomenon is pushing demand for hard drives to more than 600 million units per year by 2010 and will continue to fuel hard drive demand in the decade ahead."
TCG: Letter from the President
This month marks an important milestone in the history of the Trusted Computing Group. We're expanding the list of Promoter members for the first time in about two years. And we're adding not just one new Promoter, but two. I'm very pleased to welcome Seagate Technology and Wave Systems Corp. as new TCG Promoters. Both companies currently hold elected positions on the TCG Board of Directors, and they have been active leaders in the organization for some time. I look forward to their continued contributions in helping to lead TCG for years to come.
If you haven't done so already, please register for the TCG Members Meeting to be held soon in Nice, France. Our summer meetings in Europe are usually well-attended, and I expect that this will be no exception. Come for the meeting, and plan to stay a few extra days to see everything that the South of France has to offer.
Scott Rotondo
TCG President & Chairman
New Trusted Network Connect (TNC) Work Group IF-MAP 1.0 Specification Announced And Demonstrated At Interop 2008 To Critical Acclaim
To solve current and emerging problems in network security, a wide variety of systems are required to share data about users, devices, policies and behavior - so called network "metadata" - in order to make effective decisions and take appropriate actions to enforce policies. Today, gathering and sharing metadata among disparate systems is complex and costly, and often requires ad-hoc system integration.
IF-MAP Enables NAC 2.0 and Other Applications
On April 28th, TNC Work Group announced new extensions to the TNC Architecture, captured in Version 1.3, which defines the necessary components to meet use-cases for NAC 2.0 including the securing of non-PC devices such as phones, cameras and inventory control devices which are connecting to TCP/IP networks. The technical cornerstone of TNC's NAC 2.0 architecture is the IF-MAP 1.0 specification. IF-MAP is a new core network service, analogous to DNS, that allows virtually any system to share and receive meaningful information essential to bolstering network security. This may eventually enable network location services, supply chain visibility and other applications, to name a few.
Interop 2008 (Las Vegas) IF-MAP Demonstration Successful
As part of the announcement, TCG members and early IF-MAP adopters including ArcSight, Aruba Networks, Infoblox, Juniper Networks, Lumeta Corporation and nSolutions, Inc. participated in a four day live IF-MAP demonstration at Interop 2008 which generated tremendously positive reactions and interest from show attendees, technical press and many non-TCG member companies. As evidence of the ease of adopting IF-MAP, several of the TCG member companies participating in the demonstration were able to integrate IF-MAP into their solutions within the two weeks preceding the tradeshow. Contact information from several hundred attendees was collected at the new TCG tradeshow booth where the IF-MAP demonstration was held and several hundred Interop participants were made aware of IF-MAP during the pre-conference NAC Day tutorial. The specification, whitepapers and related press activity from this event can be obtained from the Interop Las Vegas 2008 page on the TCG website.
TCG Expands Promoter Membership
The TCG Board of Directors would like to congratulate Seagate Technology and Wave Systems Corp. for being invited to join AMD, Hewlett-Packard, IBM, Infineon, Intel Corporation, Lenovo Holdings Limited, Microsoft and Sun Microsystems as Promoter members of the Trusted Computing Group. Dr. Robert Thibadeau of Seagate Technology and Brian Berger of Wave Systems Corp. will serve as their company’s Board of Directors representative. Congratulations to these companies for their outstanding dedication and efforts to further Trusted Computing.
Trusted Computing: Tune In, Turn It On
A new research report entitled, "Trusted Computing: Tune In, Turn It On" published by Aberdeen Group, a Harte-Hanks Company (NYSE:HHS), reveals that organizations that have deployed applications based on trusted computing infrastructure exhibit superior capabilities in security governance, risk management and compliance compared to other respondents. The term "trusted computing" refers to applications that leverage hardware-based "roots of trust" at the edge of the network and at the endpoints - sometimes referred to as "hardware anchors in a sea of untrusted software" - for higher assurance.
…”more than 50% of existing desktop PCs and laptop PCs, and more than 75% of existing network endpoints and policy enforcement points, can support trusted computing as currently deployed…”
Excerpt from "Trusted Computing: Tune In, Turn It On," a research report by Aberdeen Group.
TCG Specifications Announced
The TCG has announced the availability of the following new specifications:
PC Client Work Group:
· TCG Platform Reset Attack Mitigation Specification, Version 1.0, Revision 1.0
TNC Work Group:
· TCG Trusted Network Connect (TNC) Architecture for Interoperability Specification, Version 1.3, Revision 6
· TCG Trusted Network Connect (TNC) IF-MAP Binding for SOAP Specification, Version 1.0, Revision 25
To view all of the TCG’s specifications, visit the Specification page.
TCG Resources
Specifications
· Trusted Network Connect (TNC) IF-MAP Announcement FAQ
· Network Industry and IT Support for Trusted Network Connect (TNC) and its IF-MAP Specification
· Trusted Network Connect (TNC) - Spring 2008 Update
White Papers
· Trusted Platform Module (TPM) Summary
· Enterprise Security: Putting the TPM to Work
· The Trusted Platform and How to Use It In the Enterprise
· Controlling Network Access and Endpoints
Trusted Computing Helpful Information
· TCG Open Source Resources and References
· Trusted Computing: Tune In, Turn It On - Aberdeen Group
· A Practical Guide to Trusted Computing - Written by David Challener, Kent Yoder, Ryan Catherman, David Safford and Leendert van Doorn
More Companies Join the TCG
TCG continues to attract participation from computing industry leaders world-wide. The following new members have joined the TCG in support of open industry architectures and Trusted Computing:
· ArcSight, Inc.
· Big Fix, Inc.
· Bundesamt für Sicherheit in der Informationstechnik
· CMS Products
· Great Bay Software, Inc.
· Lumeta Corporation
· Mobile Armor
· Nanjing Byosoft, Ltd.
· nSolutions, Inc.
· Rohati Systems
· Siemens AG
· Thales Communication
TCG now has more than 135 members; for a complete list visit: https://www.trustedcomputinggroup.org/about/members/.
Become a Proud Member of the TCG
Is your company interested in joining the Trusted Computing Group? To learn more about the benefits of a TCG membership, please visit the Join Us section on the TCG website or contact TCG Administration to request a Membership Agreement.
Simplified Drive Encryption for Dell Latitude Notebooks
From a PDF on Wave's website
Dell™ Latitude™ D630 and Latitude D830 notebooks with Seagate® Momentus® hard drives and EMBASSY® management software from Wave Systems offer a comprehensive, simplified, hardware-based encryption solution to help protect critical data.
Deploying encryption in an enterprise environment can be critical to maintaining effective security, but can also be complicated to set up—requiring significant advance planning, coordination, and time. To help simplify this task, Dell Latitude D630 and Latitude D830 notebooks with Seagate Momentus FDE.2 hard drives and EMBASSY management software from Wave Systems allow administrators to rapidly set up and enable hardware-based drive encryption and bypass time-consuming procedures such as running the chkdsk utility—a process that can potentially take several hours on a typical 160 GB drive.
These data protection features are designed to be not only powerful, but also easy to use, comprehensively integrated, and scalable. The drive is designed to encrypt all files copied to it with a key stored in a secure area of the drive, without the performance overhead associated with software-based solutions for secure read and write operations. For end users, a provided password can be easily synchronized with an existing Microsoft® Windows® OS password, helping minimize the need for training and help-desk assistance and potentially making data protection as simple as closing the notebook after use. For administrators, robust reporting tools can provide detailed event logs indicating whether preboot authentication has been enabled, helping make supporting users at remote locations as easy as supporting those at an enterprise’s headquarters, and helping prevent users or remote administrators from inadvertently compromising data security. And because the drive encryption is designed to be constantly enabled, these features also help simplify compliance with data protection laws and regulations.
Assessing the network environment
EMBASSY management software from Wave Systems works in tandem with Seagate Momentus FDE.2 drives in Dell Latitude D630 and Latitude D830 notebooks to help maximize security in environments based on Windows operating systems and the Microsoft Active Directory® directory service. EMBASSY Remote Administration Server (ERAS) is designed to integrate into existing Active Directory domains, essentially adding a second layer of protection to these Latitude notebooks by adding user-based authentication to the drive. A simple administration console allows administrators familiar with Microsoft Management Console (MMC) snap-ins for Active Directory to easily grant permissions to existing users and perform many other drive-related tasks.
Typically, a simple way to implement this technology in an existing infrastructure is to acquire Latitude D630 and Latitude D830 notebooks from Dell and select the encrypted hard drive option during purchase, which includes a Seagate Momentus FDE.2 drive and preconfigured EMBASSY Trusted Drive Manager (TDM) client components in the system. ERAS is also available through Dell. After adding the client to the domain, administrators can remotely initialize the drive and manage it through ERAS. For existing Latitude D630 and Latitude D830 notebooks as well as Latitude models D530, D531, D620, D631, and D820, administrators can replicate the contents of a standard drive to a Seagate Momentus FDE.2 drive and install the TDM software, enabling the system to communicate with ERAS for further configuration.
Creating a robust management infrastructure
ERAS enables administrators to manage Dell Latitude D630 and Latitude D830 notebooks with Seagate Momentus FDE.2 drives across a network within a domain (see Figure 1). Using ERAS requires the following:
· Any edition of the Microsoft Windows Server® 2003 OS with Service Pack 1 (SP1) or later
· A system running Windows Server 2003 or Windows XP with SP2 and the MMC snap-in (to utilize the remote console)
· MMC 3.0
· Microsoft Group Policy Management Console 3.0
· Microsoft SQL Server® 2005 Express Edition, Standard Edition, Workgroup Edition, or Enterprise Edition database platform
· Microsoft Internet Information Services (IIS) 6.0
· Microsoft .NET Framework 2.0
· Microsoft ASP.NET 2.0 Web Service extension enabled in the IIS Web services extension list
· Microsoft Windows Support Tools
After ERAS has been installed on a Windows Server 2003 system, administrators should configure the server and client systems to belong to the same domain. Installing ERAS on the server requires a local administrator with administrative privileges in SQL Server and domain privileges to create the required accounts and user groups and make entries in Active Directory. Administrators can integrate ERAS with Active Directory or manage it through an XML ERAS policy file in conjunction with the SQL Server database. After the TDM software has been installed on the Latitude D630 or Latitude D830 notebook, administrators can use Group Policy to push a Windows Management Instrumentation (WMI) file down to these client systems, and then use the ERAS console to manage them (see Figure 2).
Configuring and managing encrypted clients
ERAS is designed to support Dell Latitude D630 and Latitude D830 notebooks through their complete life cycle, from drive deployment to management to disposal. The first step in activating the drive encryption is to set up preboot authentication, which administrators can do by initializing the drive. Users must then log in during the preboot process to gain access to the drive. Administrators can provide multiple users with access to a given client system, or use the drive properties window in ERAS to perform other management functions.
Administrators can use the Security Control window in ERAS (accessed through the drive properties window) to access the cryptographic erase feature, which allows them to quickly erase drives remotely from the server to help prevent dissemination of confidential information on an encrypted Latitude D630 or Latitude D830 notebook. They can then rapidly re-image and redeploy the drive—a task that may take several hours with typical software-based disk encryption.
When end users forget their password, administrators can also use the ERAS Security Control window for password recovery to help regain drive access, a feature that does not require a connection to the network. The ERAS Help Desk feature also offers a way for end users to retrieve passwords by providing direct physical access to the server through a standard Web browser, a feature that can typically be used on any system connected to the domain (see Figure 3). For example, administrators might provide this designated access to an office manager when the normal IT staff members are not available.
Administrators can also use ERAS to manage embedded security technology for Trusted Platform Modules (TPMs). TPMs are chips integrated into select Dell systems that function like embedded smart cards, and can be used to generate encryption or authentication keys and help securely store certificates and other critical information. ERAS offers similar initialization and management features for TPMs as it does for the encrypted drives in Latitude D630 and Latitude D830 notebooks. By combining both technologies, ERAS helps provide a comprehensive solution for securing enterprise systems.
Protecting critical enterprise data
Deploying drive encryption has typically been a time-consuming task for enterprise IT administrators. Dell Latitude D630 and Latitude D830 notebooks with Seagate Momentus FDE.2 hard drives and EMBASSY management software from Wave Systems offer a comprehensive, simplified solution for securing client systems, enabling administrators to rapidly deploy and manage encrypted drives to help protect critical enterprise data.
Brian Berger is the executive vice president of marketing and sales for Wave Systems, where he is responsible for developing and implementing the company’s trusted computing strategy. Brian is a director for the Trusted Computing Group and serves as chair of the organization’s Marketing Working Group. He holds several patents, has a B.A. degree, and attended the Harvard Business School Executive Education program.
Figure 3. Help Desk Web browser–based interface for EMBASSY Remote Administration Server from Wave Systems
QUICK LINK
Dell Latitude notebooks:
DELL.COM/Latitude
Sony, Cable Firms Plan TVs Minus Set-Top Boxes
(From THE WALL STREET JOURNAL)
By David B. Wilkerson
Sony Corp. and six of the biggest U.S. cable operators announced an agreement to create digital televisions capable of receiving cable service without a set-top box.
Sony signed a pact with Comcast Corp., Time Warner Cable Inc., Cox Communications, Charter Communications Inc., Cablevision Systems Corp. and Bright House Networks to develop technology that will allow consumers to eliminate set-top boxes, yet still receive basic as well as advanced cable services, such as pay-per-view movies.
The technological standard should enable a new generation of TV sets to include video-on-demand, digital video recording, interactive programming guides and other services, the National Cable & Telecommunications Association said Tuesday. By eliminating the set-top box, cable companies can simplify installation and reduce costs, while consumers can worry about one less component in their home-theater systems.
It wasn't clear what impact the development will have on set-top box makers such as Motorola Inc. and Cisco Systems Inc., the parent of Scientific Atlanta.
Through the agreement, cable operators say they will be able to develop and offer new services in competition against telephone companies and satellite providers.
Sony and the cable operators will adopt a Java-based application called tru2way as the nationwide interactive standard, which will allow for the manufacture of new "plug-and-play" interactive devices that can be used with TV sets.
The technology could also make it easier for consumers to receive the full range of cable-based services on other devices, such as laptops, MP3 players and cellphones.
Tomorrow
Industry Events
LinuxTag 2008
May 28 - 31, 2008
Berlin, Germany
TCG will be exhibiting in Stand # 202 during LinuxTag, Europe's leading exhibition on Linux and Open Source taking place from May 28 - 31, 2008 at Messe Berlin Fairgrounds. The international event (conference languages are English and German) attracts about 10,000 visitors ranging from IT managers, developers, system administrators to users and those interested in new and exciting Open Source solutions.
David Grawrock, Intel Corporation and David Safford, IBM will speak during the Trusted Computing Track taking place on Thursday, May 29, 2008.
Analyst says Intersil causing Intel chip delays
By The Associated Press
Last Updated: 10:46 AM EDT May 27, 2008
NEW YORK (AP) -- Glitches at chip supplier Intersil Corp. are causing delays in the rollout of Intel Corp.'s Montevina notebook chipsets, Jefferies & Co. analyst John Lau warned Tuesday.
Lau said in a note to investors that Intersil is facing minor bugs in the graphics portion of its Montevina notebook chipsets, which could slow the rollout of the Montevina products by about two months. Any delay would prolong the life of Intel's existing Santa Rosa notebook platform, he said, which would help Santa Rosa chip supplier Anadigics Inc.
His checks also found distributor discontent with Intersil's pricing and product allocation, since with Intersil focusing on higher margin server business, the company has notified some distributors that allocation may again be tight for desktop and notebook chips in the second half of the year, and it wants more orders up front.
"As a result, we have detected that ON Semiconductor has won some NB designs at Lenovo and Dell away from ISIL," Lau wrote. "We are also seeing Texas Instruments getting more aggressive in the analog (power management chip) products."
Snackman,
I think we could see some news before the opening tomorrow!
FM
vacacasa, great find!! e/
DHS issues biometrics RFI
By Alice Lipowicz
The Homeland Security Department is seeking industry help to meet its long-standing requirement for a biometrics-based exit program for foreign visitors leaving the country by land.
The department has issued a request for information for its U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) Biometric Land Exit Solution.
Currently, visitors to the United States who are traveling on visas must provide fingerprints and a photograph when applying for their visas. Their fingerprints are verified when they enter the country.
But despite Congress’ urging in recent years to implement a program to check fingerprints again when travelers leave the country, such biometric verifications are not performed.
US-VISIT program officials are seeking information to help implement a program to collect biographic and biometric information from travelers when they exit the country by land. The program must not cause undue inconvenience and delays at the borders, the RFI states. DHS has initiated separate rulemaking for air and sea departures.
Respondents are asked to identify potential technologies, devices and procedures that could provide a biometrically verified data collection system for any or all of the 167 land ports of entry. The goal is at least 97 percent accuracy.
Responses are due by July 16. US-VISIT officials plan to hold an industry briefing on June 30 to discuss the solicitation.
DHS might issue a request for proposals as early as January 2009 to acquire a solution, but there is no guarantee of a contract resulting from the RFI.
Is this a new Wave presentation?
http://www.wave.com/solutions/Wireless_Security_802.11i/player.html
Great Bay Software Joins Trusted Computing Group (TCG)
Posted : Tue, 20 May 2008 15:49:55 GMT
Author : Great Bay Software
GREENLAND, NH -- 05/20/08 -- Great Bay Software, the innovator of Endpoint Profiling for enterprise networks, announced today it has joined the Trusted Computing Group. Great Bay Software's membership in TCG is part of the company's continuing commitment to interoperating with existing and emerging standards in the areas of network-based authentication, Network Admission Control, and Trusted Computing. The Company will participate in the development of the next generation of open standards and technology for secure computing and contribute its expertise to support and develop information assurance technologies that will protect critical information and assets.
"We are pleased to have Great Bay Software as part of the industry influencers supporting the TCG," said Steve Hanna, Chair, co-chair of the Trusted Network Connect work group, Trusted Computing Group. "Great Bay Software's participation in evolving TCG standards will provide valuable expertise in enabling and extending NAC and 802.1X and help proliferate our open approach to trusted and secure IT computing."
"Our decision to join TCG at this time is driven by two factors; one is that our customers have made it clear that they require standards based solutions wherever possible, and the second is that TCG's expansion into a broader range of use cases and into the operational aspects of deploying and managing a secure network are areas where Great Bay has a strong base of experience and expertise," said Steve Pettit, president of Great Bay Software. "Great Bay Software's specific attention to discovering and provisioning non-authenticating devices and on behavior monitoring as a complement to network-based authentication are where we'll have the most impact on the standardization process."
About Great Bay Software
Great Bay Software, Inc. is a leading software development firm specializing in Enterprise Endpoint discovery, identity, and administration. The company's flagship product, Beacon Endpoint Profiler(TM), features applications including the enabling and extending of NAC and 802.1X, providing a comprehensive inventory of all network attached endpoints, and supporting Compliance initiatives mandated in today's business climate. For more information on the Beacon system from Great Bay Software, please visit www.greatbaysoftware.com or call 800.503.1715.
New!!
INTRODUCTION
The following FAQs are provided as an aid in understanding and interpreting the July 3, 2007 DoD Policy Memorandum “Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media”.
5. Why is the Trusted Platform Module (TPM) being mandated in this memo?
The TPM paragraph was inserted into this memo to ensure all new DoD computer assets have this module since there are many future software products that will use the security features of the TPM. Supporting TPM is a desirable requirement at this time since many DoD components want to leverage its capabilities in the future for the protection of DAR on mobile computing devices. Legacy systems will not be required to be retrofitted with TPM. Based upon Service inputs, TPM is already being mandated by some Services, it’s readily available on the commercial market, and in most cases is standard on new computer equipment.
Papa Gino's Goes Biometric
http://www.darkreading.com/document.asp?doc_id=154109&WT.svl=news2_1
Password nightmares led fast food chain to convert to Trusted Computing fingerprint scans
MAY 16, 2008 | 2:00 PM
By Paul Korzeniowski
Contributing Editor, Dark Reading
It had become an annual event: Papa Gino’s calling up temporary workers to reconstruct work sitting on users’ computers. The army of reinforcements was required because employees had forgotten their passwords to access encrypted information stored on their systems.
The process also had become a major productivity drain for the New England-based Papa Gino's Holdings Corp. fast food chain, with 170 Papa Gino's Restaurants, and anywhere from 8,000 to 10,000 employees, depending on the season. Employees work at its central office in Dedham, Mass., as well as at its eateries. Because of the enterprise’s distributed nature, many journey from site to site to complete their chores, so they need to protect sensitive information, such as store sales data, and were encrypting the information. “Each year, we literally had thousands of encrypted files that users could not open,” says Chris Cahalin, manager of network operations.
Rather than enhancing its security, encryption diminished it: Some employees would leave their computers in their cars on their travel to remote locations so they wouldn’t have to go through the hassle of trying to figure out forgotten passwords.
Papa Gino’s had been on the lookout for a solution to the problem, and was interested in the Trusted Computing model, which is based on dedicated hardware chips, called Trusted Platform Modules (TPMs), to secure information. In this case, the user relies on a unique identifier, such as biometrics, to open a system rather than a password.
The restaurant chain talked with various hardware suppliers about their support of this approach. “We had been an HP shop and examined their desktop and laptop products,” Cahalin says. Their TPMs were limited: They only worked with HP devices. Also the desktop system was shipping, but the laptop product was still in development. IBM also had begun to develop TPMs. While its technique could encrypt files, it did not allow users to do that with folders. IBM’s approach was a bit more open than HP’s, but would have required that Cahalin track which microprocessor each computer was using, a task he wanted to avoid. The restaurant chain decided that Dell offered the most open, robust TPM solution.
So in the spring of 2005, the fast food enterprise purchased software from Wave Systems Corp. for encryption. The company’s Embassy Key Management server provides backup and monitoring of the encryption keys, and its Embassy Authentication Server supports multi-factor authentication.
Papa Gino’s considers its endpoints more secure now, and users are more willing to use their laptops when they work remotely because they need only swipe their fingerprints for authentication, and no longer need to remember easily forgotten passwords.
Since making its initial investment nearly three years ago, Papa Gino’s has been rolling out TPM systems in a piecemeal fashion, upgrading users’ computers whenever they are ready for the scrap heap. Initially, the company was spending $40 per device to add TPM functions to each Dell system, but that feature is now included in all new hardware.
Cahalin says the restaurant chain would like to see the expansion of TPM solutions to mobile items, such as cell PDAs. “I would like to use TPM-protected email certificates on my BlackBerry,” he says.
Meanwhile, the TPM rollout should be completed by the end of this year, and the only folks unhappy with the change are the now unneeded temporary workers.
Wave Systems Corp.
Dell Inc. (Nasdaq: DELL)
Hewlett-Packard Co. (NYSE: HPQ)
IBM Corp. (NYSE: IBM)
Good Grief!! Security concerns spur agencies to limit use of thumb drives
http://federaltimes.com/index.php?S=3528598
By COURTNEY MABEUS
May 14, 2008
Two years ago, thumb drives containing sensitive information about U.S. soldiers, interrogators and interrogation methods turned up for sale in a bazaar outside a military base in Bagram, Afghanistan.
Around that same time, a thumb drive containing classified information belonging to the Los Alamos National Laboratory turned up during an unrelated drug raid of a lab contractor’s apartment.
And last month, a contractor who had been working on computers at the San Antonio Marine Corps Reserve Center pleaded guilty to selling a thumb drive containing Social Security numbers and names of military personnel for $500 to an undercover FBI agent posing as a foreign government official.
“Technology changes and it always takes effort to stay abreast of [those] changes and how that affects the processes and plans in place,” said Randall Easter, who oversees encryption standards at the Commerce Department’s National Institute of Standards and Technology (NIST). “I think that’s just a constant thing that needs to be addressed. That’s the nature of [information technology] — it keeps getting smaller, better and faster.”
There is no blanket policy guiding how agencies should use thumb drives, but since 2006, the Office of Management and Budget has required that sensitive information — including personally identifiable information such as Social Security numbers — be encrypted on any device being removed from a federal office. But because of the drives’ small size, tracking their removal is difficult — most are not found by metal detectors, experts say. In the face of some embarrassing data breaches in recent years, agencies have been left to answer how best to manage their use.
Thumb drives, the successor to floppy disks but with more storage space, work by plugging into USB — Universal Serial Bus — ports now standard on most computers. Gartner, an IT and research firm, expects as many as 180 million of the drives will be sold in the U.S. this year. About 900,000 of those will be sold to federal agencies, said Joseph Unsworth, a research director for the company.
Agencies’ interest has been “pretty slow thus far,” Unsworth said, “and a lot of that has to do with security features.”
Government, he said, “didn’t know how to manage these new types of technology and, while not complex, there haven’t been the solutions available to minimize your risk. … This is something that is going to need to be increasingly watched and governed by government because of the risk.”
The Veterans Affairs and Homeland Security departments, for example, issue and restrict use of thumb drives to only those employees who need them, officials for both departments said. Both departments use software that locks out any unapproved, unencrypted drives, officials said.
Even before the Los Alamos case, employees there were restricted from using personal drives. The lab has since instituted a random search policy that anyone on the campus can be subjected to at any time. It has also reduced the amount of its electronically held classified holdings, said spokesman Kevin Roark.
“All electronic devices are banned, no matter who owns them,” Roark said.
The agency also monitors network downloads to USB ports, he said.
“Either your USB ports are blocked or removed if you don’t need them or, if you do need them, they’re monitored,” Roark said. “There’s always been monitoring of our networks, but now we specifically look for recording devices. It’s much more rigorous now.”
The greater use of encryption and monitoring software is the only way to ensure data security while still allowing for the flexibility thumb drives can provide, said Johannes Ullrich, chief research officer for the SANS Institute, a Maryland information security training firm. Monitoring software and encryption technologies are a first line of defense, he added.
“That’s a fundamental rule here, nobody is trusted,” Ullrich said.
The Nuclear Regulatory Commission, so far, has relied on trust. Chief Information Security Officer Patrick Howard said employees have been allowed to use personal drives but are trained to encrypt any files before they are placed on a removable drive.
“It’s up to them [the employees] when you get right down to it,” Howard said. “You have to trust your employees when it comes to policy.”
And, though the agency has not had any reports of data breaches resulting from a thumb drive, Howard said, there is a sign that that trust is wavering. The agency is in the process of ordering encrypted thumb drives that it will issue to only those employees who need them. Once those drives arrive, the NRC intends to ban use of personal drives and is looking into installing monitoring software, he added.
“That way we have more assurance that it’s the proper encryption and it takes some of the responsibility out of the user’s hands,” Howard said.
Wavedoctor,
Kiwi must be unaware that the xbox contains a TPM, so I believe there is some relevance here.
Pentagon seeks advice on classified systems
http://www.gcn.com/online/vol1_no1/46264-1.html
A military cryptology organization has asked the vendor community for advice on some of the technology options available to help upgrade the government’s classified communication systems.
The Cryptologic Systems Group's Cryptographic Modernization Program Office at Lackland AFB, Texas, issued a request for information (RFI) recently regarding multilevel security (MLS) and multiple independent levels of security.
Both of those technologies cover systems that can handle classified information that falls into multiple security categories, including the traditional top-secret-and-above and secret-and-below, in addition to the security barriers between information domains operated by Pentagon agencies and foreign allies.
Federal agencies often issue RFIs as they prepare procurement programs for information technology goods and services and other items.
RFIs can provide useful insights into government agencies' potential future procurement activities, but the requests do not commit agencies to specific purchases. Also, the agencies frequently modify their procurement plans based on information they gather via the RFI process. Information that prospective vendors provide can alert agencies to newly available technologies, potential stumbling blocks or likely dead ends in the IT acquisition process.
The National Security Agency is the Pentagon's lead agency for code development, or cryptography, and code breaking, or cryptanalysis.
The multilevel crypto work falls under a program run by the Air Force, but technologies the modernization program develops likely will be deployed across various offices in the military and intelligence communities when they receive certification and accreditation from NSA.
The May 7 information request includes an annex that describes the government’s multilevel crypto IT interests more fully.
Some of the pivotal areas of interest are:
Aspects of MLS technologies that could be formulated into industry standards to provide greater efficiency in producing solutions.
How the Trusted Platform Module (TPM) can be used by a real-time operating system.
Specific components that would benefit from Application Specific Integrated Circuits (ASICs) produced by the DOD Trusted Foundry.
The RFI shows how parts of its multilevel IT security description overlap with existing NSA projects. NSA's NetTop and High Assurance Platform (HAP), for example, rely on some of the same technologies that the information request provides.
For example, the TPM that the RFI refers to forms a part of the HAP standards and specifications package. That package helps define how multilevel systems guard classified information from improper release or exploitation, including:
Asymmetric key generation.
Data encryption and decryption.
Handling the keys that TPMs sign and exchange.
The prospect that multilevel systems could use ASICs produced by the Pentagon's own integrated circuit factory, or foundry, points to the crypto community's preference for embedding security features into chips and boards rather than using software to do so.
Intelligence community technology specialists say that preference has gained traction because of the increasingly large and sophisticated malware attacks on DOD systems.
The RFI points to the crypto community's drive to create technology standards that would help IT specialists upgrade system security and lower the cost of developing future generations of classified systems.
Hey DW,
Believe it or not, you make some great points, some of which I agree with. All I'm saying is that I don't think your efforts to keep the heat on management have produced tangible results. Individual investors will not be able to pressure management. I believe that can only come from grassroots efforts from a consortium of shareholders. Now, if you think I'm wrong because you have exerted some influence on SKS or the board, let me know.
DW, I don't think it would be an understatement
to say that your attempts to exert any pressure on Wave or its management have been, to date, non-consequential. Trust me!!
Doublewide: No way am I taking the heat off
him until my stock starts to go up.
Could you kindly tell our readers how, exactly, you've put the heat on him???
From Taglich:
Estimate Analysis: Top and bottom line results fell short of our expectations. Management stated that based on
observed trends the Company’s first quarter results are likely to be seasonally slow. Also, the Company stated
that sales were only modest for two specific revenue generating areas – full disk encryption drives and enterprise
upgrades to full license software seats. Operating expenses were approximately $0.531 million higher than our
expectation. The shortfall in top line results and higher expenses were the primary reason why the net loss was
approximately $1.045 million larger than we had anticipated.
Rating: Currently, we are maintaining our Speculative Buy rating on Wave Systems.
Risks: Please review our latest research report (April 15, 2008) for a summary of the principal risks underlying the
stock.
Microsoft launches video on Messenger
http://uk.reuters.com/article/internetNews/idUKL1271038920080513
Implications for WavExpress??
LONDON (Reuters) - Microsoft Corp has launched a new online service in 20 countries which will allow users to watch video clips at the same time as a network of friends and chat via Windows Live Messenger.
The new service called Messenger TV will offer a range of clips on MSN Video including MTV shows and music clips from providers such as Sony BMG.
The firm hopes the ability to watch clips with friends on different computers will create a new social experience and attract users who already spend hours on social networks.
"Online video has exploded in popularity over the last year, but to date it has been something people watch on their own. Messenger TV is set to change all that," said John Mangelaars, the vice-president, EMEA, of consumer and online for Microsoft.
"Watching video online can now be a social experience, as people watch videos together, make comments and share reactions."
The service will launch in 20 countries including many European countries, New Zealand, Australia, Singapore, Brazil, Canada and Mexico but not the United States.
NSA authorizes Seagate self-encrypting HD for government use
http://www.betanews.com/article/print/NSA_authorizes_Seagate_selfencrypting_HDD_for_government_use/1210711497
Seagate's Momentus 5400 FDE.2 HDD has been approved for one of the most demanding security standards in the US government, the National Security Telecommunications and Information Systems Security Policy (NSTISSP) #11.
This marks the second time a federal agency has honored Seagate's product with security accreditation. Last year, the National Institute of Standards and Technology (NIST) gave certification to Seagate's Advanced Encryption Standard (AES) encryption algorithm. This transparent hardware-based encryption powers the Momentus hard drive.
The Momentus 5400 FDE.2 2.5", 1.5 Gbps SATA drive is offered to consumers in 80, 120, and 160 GB sizes, and can now be deployed in US Government agencies and contractors working in issues of National Security thanks to the NSA clearance and helped by the NIST certification.
In the last three years, the FBI has reported the loss of 160 laptops, with as many as 51 containing classified or sensitive information, the State Department misplaced $30 million worth of laptops containing anti-terror information, and the Commerce department lost 1,137 laptops. The government loses sensitive information on such a grand scale that one begins to wonder if Seagate's encryption would be a band aid applied to a severed artery.
Sure, the drives require pre-boot authentication, maintain hashed passwords, offer on-the-fly erasure, and emergency password recovery files are kept on a separate drive. But if all the thousands of already missing laptops used self-encryption such as that employed by Momentus HDD, the government might have to adjust the way it accounts for data loss, since its loss may no longer necessarily be someone else's gain.
alea, perfect summation!! Bravo post. e/
Where are you getting that info??
The after-hours price seems to be holding ...........
if that means anything.
Anyone remember this exchange last March?
... so up to this point, there's been revenues coming in for two and a half months, are we on par with quarter four or ahead?
SKS: We're ahead of quarter four.
Ispro, internet just raised a good point......
In today's PR, it is stated that, "As of March 31, 2008, Wave had cash and equivalents of approximately $1.5 million and no long-term debt."
Assuming a burn rate of $7.5 million per Q, $2.5 per month, Wave should have been out of money in mid-April. Are they? Are Q2 numbers that good? Have there been upfront development fees or royalties paid? This would be a great question for the CC
We have already received more upgrade orders in Q2 than we received in all of Q1 2008.
Finally! Adoption announcements
CBI Health
"As one of the largest healthcare services and management providers in all
of Canada, with more than 2,300 clinical and support providers on staff, it's
our obligation to safeguard our patients' information and take proactive
measures to mitigate the risk of data breach. Wave offers a technically
progressive solution that was compelling when compared to the other market
offerings." said Ken Waring, Director of IT at CBI (Canadian Back Institute)
Health, a network of more than 135 community- and hospital- based
rehabilitation, medical and healthcare facilities. "Wave's software, which
manages both the Seagate Momentus full disk encryption drives and the Trusted
Platform Modules on these PCs, is integral to our corporate security strategy
going forward. We chose Wave because of its ease of use, low total cost of
ownership and their strategic relationship with Dell."
AdaptaSoft
"As providers of software and services for payroll providers, we understand
the importance of keeping client and employee information secure. We evaluated
data protection solutions from other vendors, but early on we were sold on the
inherent advantages of hardware-based encryption for our mobile data. That's
why the clear choice was Wave--their product was in a class above all others,"
noted David Virkler, Chief Information Officer at AdaptaSoft Inc. based in
Francesville, IN. "All of our future laptops will include Wave's software,
TPM's and FDE hard drives from Seagate. With Wave's EMBASSY Remote
Administration Server, we've been able to manage Seagate's drives and the
Trusted Platform Module security chips in our organization. We chose Wave
because they had the enterprise infrastructure in mind when they designed
their solution, thus enabling a low-touch, fully functional, data protection
solution."
Wave Q1 2008 Revenues Rose 32% to $1.7 Million on Continued Growth in Bundled PC OEM Software Royalties
Shipments of Bundled Wave Software Reached over 27 Million Units
and Continued to Grow Each Month
Wave Starting to See Meaningful Software "Upgrade" Billings in Q2
2008
LEE, Mass.--(BUSINESS WIRE)--May 12, 2008--
Wave Systems Corp. (NASDAQ: WAVX):
Conference call: Today, Monday, May 12, 2008 at 4:30 P.M. ET
Webcast / Replay URL: www.wave.com or www.earnings.com
Dial-in numbers: 212-896-6169 or 415-537-1810
Wave Systems Corp. (NASDAQ: WAVX; www.wave.com) today reported results for
the first quarter (Q1) of 2008 and provided an update on corporate progress
and developments.
Reflecting an increase in license revenues, Wave's Q1 2008 net revenues rose
32% to $1.7 million, compared to Q1 2007 net revenues of $1.3 million. Wave's
improvement in license revenues was principally due to royalties earned from
increased shipments of Wave software by Wave's leading OEM partner. Gross
profit for Q1 2008 rose to $1.5 million compared to $1.1 million in Q1 2007,
reflecting the higher level of sales.
For Q1 2008 Wave reported a net loss of approximately $6,010,000, or $0.12
per basic share, compared to a Q1 2007 net loss of approximately $5,046,000,
also $0.12 per basic share. Per share figures are based on a weighted average
number of basic shares outstanding in the first quarters of 2008 and 2007 of
50,898,515 and 42,243,005 respectively. As of March 31, 2008, Wave had cash
and equivalents of approximately $1.5 million and no long-term debt.
Steven Sprague, Wave's president and CEO, commented, "Our first quarter
performance reflected continued strength in bundled sales of our Wave Embassy
Trust Suite software in what appears to be the slowest quarter for customer
activity each year. While we made continued strides in engaging enterprises in
dialogues regarding upgrade activity and worked to expand our pipeline of
opportunities, actual sales that closed in the quarter were modest, though we
experienced expanding customer interest.
"I'm pleased to say that our efforts in Q1 and prior periods are yielding
positive results. We have already received more upgrade orders in Q2 than we
received in all of Q1 2008. We are also seeing encouraging activity in the
area of full disk encryption. While the number of drives sold was modest, well
over 1,000 different enterprises have purchased FDE drives equipped with our
software for their evaluation and testing. We believe this illustrates the
level of interest we are seeing for FDE solutions, and could present
opportunities to 'up-sell' enterprise early adopters or beta testers with our
EMBASSY Remote Administration Server software, built specifically to support
enterprise FDE deployments.
"The growth of the installed base of customers with Wave software is also
significant. With over 27 million units shipped to date, the installed base
represents an important development for Wave, and we continue to see growing
interest in managing the hardware security that is shipping as standard on
most enterprise client platforms. Our marketing efforts are promoting
significantly greater industry understanding of hardware security, and we have
seen increased advertising and marketing efforts by our partners in this area
as well.
"Importantly, these efforts are also yielding our first satisfied upgrade
customers such as Ken Waring of CBI Health and David Virkler of AdaptaSoft,
both of whom have volunteered to serve as reference customers and discuss
their network's adoption of our solutions."
CBI Health
"As one of the largest healthcare services and management providers in all
of Canada, with more than 2,300 clinical and support providers on staff, it's
our obligation to safeguard our patients' information and take proactive
measures to mitigate the risk of data breach. Wave offers a technically
progressive solution that was compelling when compared to the other market
offerings." said Ken Waring, Director of IT at CBI (Canadian Back Institute)
Health, a network of more than 135 community- and hospital- based
rehabilitation, medical and healthcare facilities. "Wave's software, which
manages both the Seagate Momentus full disk encryption drives and the Trusted
Platform Modules on these PCs, is integral to our corporate security strategy
going forward. We chose Wave because of its ease of use, low total cost of
ownership and their strategic relationship with Dell."
AdaptaSoft
"As providers of software and services for payroll providers, we understand
the importance of keeping client and employee information secure. We evaluated
data protection solutions from other vendors, but early on we were sold on the
inherent advantages of hardware-based encryption for our mobile data. That's
why the clear choice was Wave--their product was in a class above all others,"
noted David Virkler, Chief Information Officer at AdaptaSoft Inc. based in
Francesville, IN. "All of our future laptops will include Wave's software,
TPM's and FDE hard drives from Seagate. With Wave's EMBASSY Remote
Administration Server, we've been able to manage Seagate's drives and the
Trusted Platform Module security chips in our organization. We chose Wave
because they had the enterprise infrastructure in mind when they designed
their solution, thus enabling a low-touch, fully functional, data protection
solution."
Summary of recent progress/developments:
(for more details, please visit www.wave.com):
-- Dell Software License Amendment: In early January, Wave
amended its software license agreement with Dell extending the
term of the agreement to January 2011. Pursuant to the
agreement, Dell is permitted to distribute Wave's ETS software
on certain of its PCs that include TPM security chips.
Reflecting value-added features incorporated into a new
version 3.0 of Wave's ETS software, starting in mid-2008 Wave
will receive a higher per-unit royalty based on the volume of
products shipped by Dell with this software. The contract does
not provide for guaranteed minimum royalties or shipped
quantities of units containing Wave software.
-- Dell Promotion: In late 2007 and into Q1 2008, Dell conducted
the "The World's Most Secure Notebook" advertising campaign.
The campaign highlighted the Dell/Seagate/Wave notebook
solution and was featured in a variety of major print and
online media. Wave is now participating in Dell's global
"Future of Computing" road show, demonstrating the company's
hardware-based data protection solutions with Seagate
Technology, LLC. The tour encompasses 149 cities worldwide,
with the first leg of the U.S. tour starting May 13, 2008 in
Pittsburgh.
-- Wave Releases Embassy Remote Administration Server Version
1.5: In late January, Wave released EMBASSY Remote
Administration Server (ERAS) version 1.5. ERAS 1.5 features
new, compliance-focused enhancements that are designed to
enable organizations with full disk encrypting (FDE) hard
drives from Seagate to generate a detailed audit log of drive
security events, thereby helping to establish that encryption
was not disabled by the user and that data on the drive
remained protected.
-- TVTONIC Expands High-Definition Offerings through On Networks:
In mid February, Wavexpress, a provider of broadband media
technology and services, majority-owned by Wave, entered a
content license with ON Networks, a leading new media company.
The content license allows Wavexpress to feature five of ON
Networks' TV shows in high-definition in its free Internet
television application, TVTONIC.
-- Wave Adds Lenovo as a supported OEM: In mid March, Wave
announced that it has completed the qualification and testing
of its EMBASSY Trust Suite, including the EMBASSY Trusted
Drive Manager software, on Lenovo PCs with Seagate Momentus(R)
FDE hard drives, adding Lenovo to the list of its supported OEMs
offering robust hardware data protection. Wave's Trusted Drive
Manager software, Lenovo Edition, is now available as an
option on the ThinkPad R61 series with Seagate Momentus Full
Disc Encryption (FDE) hard drives.
-- SigniaDocs, Inc. utilizes eSign Transaction Management Suite:
In mid March, Wave licensed its eSign Transaction Management
Suite (eTMS) for integration into SigniaDocs' SigNet eDoc
Management Solutions. Wave's trusted electronic signature and
vault solutions can now be used to automate SigNet eDoc
Management Solutions by eliminating the need for ink
signatures, as well as the expense of paper document
processing and transportation of mail, overnight delivery,
faxes and other types of delivery services.
-- Wave Introduces Trust-and-Verify Web Service: In early April,
Wave announced a proof-of-concept solution for ensuring the
integrity of data protection hardware with its
Trust-and-Verify Web service, in which a server interrogates
computers seeking access to sensitive data in order to verify
the status of their Seagate full disk encryption hard drive.
Only after this verification step occurs and the level of data
protection is deemed adequate, can a PC download requested
data.
-- Wave Partners with SafeNet to Expand Enterprise Security for
Data-at-Rest: In early April, Wave completed a reseller
agreement with SafeNet, Inc., a global leader in information
security. The agreement gives Wave authority to globally
market and distribute SafeNet's ProtectDrive line of software
disk encryption products, enabling Wave to now target mobile
PCs that are currently too small to support an FDE drive.
About Wave Systems
Wave provides software to help solve critical enterprise PC security
challenges such as strong authentication, data protection, network access
control and the management of these enterprise functions. Wave is a pioneer in
hardware-based PC security and a founding member of the Trusted Computing
Group (TCG), a consortium of nearly 140 PC industry leaders that forged open
standards for hardware security. Wave's EMBASSY(R) line of client- and
server-side software leverages and manages the security functions of the TCG's
industry standard hardware security chip, the Trusted Platform Module (TPM).
TPMs are included on tens of millions of PCs and are standard equipment on
many enterprise-class PCs shipping today. Using TPMs and Wave software,
enterprises can substantially and cost-effectively strengthen their current
security solutions. For more information about Wave and its solutions, visit
http://www.wave.com.
Safe Harbor for Forward-Looking Statements
Except for the statements of historical fact, the information presented
herein constitutes forward-looking statements within the meaning of the
Private Securities Litigation Reform Act of 1995. Such forward-looking
statements involve known and unknown risks, uncertainties and other factors
which may cause the actual results, performance or achievements of the company
to be materially different from any future results, performance or
achievements expressed or implied by such forward-looking statements. Such
factors include general economic and business conditions, the ability to fund
operations, the ability to forge partnerships required for deployment, changes
in consumer and corporate buying habits, chip development and production, the
rapid pace of change in the technology industry and other factors over which
Wave Systems Corp. has little or no control. Wave Systems assumes no
obligation to publicly update or revise any forward-looking statements.