EVault Experiences Rapid Customer Growth Providing Credit Unions With Backup and Recovery Solutions
Tuesday August 12, 6:00 am ET
http://biz.yahoo.com/bw/080812/20080812005512.html?.v=1
EMERYVILLE, Calif.--(BUSINESS WIRE)--EVault, Inc., a Seagate Technology (NYSE:STX) company and leader in online backup and recovery, today announced that rising demand for its backup and recovery Software as a Service (SaaS), licensed software and managed services offerings helped the company grow its credit union customer base by more than 50 percent over the past twelve months. Hundreds of credit unions in North America, including Tower Federal Credit Union, Travis Credit Union, Langley Federal Credit Union, NASA Federal Credit Union and City County Credit Union, rely on EVault to keep their core system data secure, encrypted, compliant and easy to manage.
"Credit unions face increasing competitive pressures as they try to expand their business reach and offer members more banking services," according to Robert Hunt, senior research director at Tower Group, a leading research and advisory services firm focused exclusively on the global financial services industry. "The need to improve operational efficiencies, especially in IT, is paramount for growth. It is essential to ensure data is protected so IT's efforts can focus on building the business and servicing their members."
In order to help more credit unions efficiently and securely manage and protect ever-increasing amounts of data and improve Recovery Time Objectives (RTO), EVault also partners with the leading core system vendors in the industry, including Harland Financial Services, FiServ’s CUSA and Information Technology, Inc. (ITI) and Ongoing Operations. Used by more than 20,000 customers worldwide, EVault’s data protection technology is patented to reduce storage footprint and network bandwidth requirements while ensuring end-to-end security and quick backups and recoveries. For online backup and managed services customers, the company has seven secure Tier III & IV SAS 70 Type II certified data centers throughout North America for offsite data protection.
Several credit unions attest to the benefits of being an EVault customer:
“We have increasing regulation attached to protecting member data, and beyond just backing up the data electronically, we also needed a solution that provided encryption for information stored off-site. EVault provides this added layer of security.”
Tim Burch, vice president technology services, NASA Federal Credit Union
“EVault is a pioneer in online backup and SAS-70 is a big thing in the credit union world. It means a lot to provide our auditors with the SAS-70 certification to ensure we are secure in our treatment of backup data.”
Nancy Bourdon, Chief Information Officer, City County Credit Union
“Protecting our members’ data is key to the continued growth and success of Travis Credit Union. We made the commitment to standardize on EVault InfoStage as our single backup platform for Business Continuity and ease of use reasons, and have discontinued the use of tape backup altogether.”
Richard Roark, VP information technology at Travis Credit Union
“Credit unions want to know that all of their data is secure, protected and most importantly, quickly recoverable in case of disaster,” said Shail Khiyara, senior vice president of the EVault business unit of Seagate Services. “They also want flexibility without the drain on limited resources, and only EVault can offer unparalleled data protection via SaaS, licensed software or managed service offerings that easily scale as business and data requirements grow and change.”
About EVault
EVault, a subsidiary of Seagate Technology, is the trusted expert in comprehensive data protection solutions for over 20,000 small to large enterprise customers globally. Since 1997, EVault’s software and outsourced services for backup, recovery, and archiving have allowed customers to conform to industry-specific compliance and security regulations. EVault’s DeltaPro™, patented Quick File Scanning, and patent-pending Adaptive Compression technologies make it easy to secure, protect and recover critical data across a broad range of operating systems and applications, delivering the highest performing online backup and recovery solutions available. EVault is the only vendor in the industry that allows customers to choose between 1) licensing and managing software in-house, 2) licensing software and outsourcing the data protection management to EVault or 3) subscribing to Software as a Service offering delivered by EVault. For more information about EVault or to hear what our customers are saying, visit www.seagateservices.com or contact an EVault expert at 877-382-8581.
About Seagate Services Group
Seagate Services provides trusted, single-vendor solutions for the protection, analysis, and retention of electronic information. Our innovative technology combined with flexible deployment options solve the most rigorous compliance and mission critical data management problems resulting in lower costs, fewer risks, and better organizational control for our customers. The Seagate Services’ group is comprised of data protection offerings based on EVault’s comprehensive portfolio of software and on-line services for backup, recovery and archiving; Seagate Recovery Services’ data recovery, data migration, and data accessibility solutions; and E-Discovery Solutions based on MetaLINCS technology for the intelligent E-Discovery of relevant electronic messages and documents. For more information, please visit www.seagateservices.com.
Seagate and Seagate Technology are registered trademarks of Seagate Technology LLC. The Wave logo, MetaLINCS, EVault, Seagate Recovery Services, DeltaPro, Quick File Scanning, and Adaptive Compression are trademarks or registered trademarks of Seagate Technology LLC or one of its affiliates. All other trademarks or registered trademarks are the property of their respective owners.
Limelight Integrates Silverlight
http://www.thewhir.com/marketwatch/041607_Limelight_Integrates_Silverlight.cfm
April 16, 2007 -- (WEB HOST INDUSTRY REVIEW) -- Content delivery network provider Limelight Networks (limelightnetworks.com) announced on Monday that its content delivery platform will integrate Microsoft Silverlight, a newly announced cross-platform, cross-browser plug-in for delivering the next generation of media experiences and rich interactive applications for the Web.
The Limelight Content Delivery Network will support high-performance streaming of Silverlight-enabled rich media content across multiple platforms and browsers to audiences of any size. As a result, content providers will be able to efficiently deliver Silverlight-based experiences with high-quality video and other bandwidth-intensive content to millions of Internet users worldwide who want to instantly access content without significant load times or downloading of specialized player programs.
Limelight provides distributed Internet delivery of video and music to large audiences for the media and entertainment industry. By supporting Silverlight, Limelight will enhance its distributed delivery capability to enable companies to deliver customized video experiences with movies, trailers, TV shows, broadcast media, advertising and major events in an environment that enables them to control all aspects of interaction and brand delivery to end users.
"As Web media becomes more popular, content providers are facing competitive pressure to deliver higher-quality Web experiences," says Nathan Raciborski, co-founder and CTO of Limelight Networks. "By collaborating with Microsoft to implement Silverlight, we are providing a high-performance platform and tools solution for precisely delivering rich media experiences to a complete range of IP-connected devices, including PCs, Macs and mobile devices."
Limelight recently announced it formed a partnership with tvCompass, providing the company with content delivery network services for tvCompass' Smart Remote wireless handheld device.
dude_danny
Wave/ TvTonic/ Visa
Just doing some googling this evening after seeing 2 or 3 Visa/2008 Olympic commercials and possible connections/implications to Wave. Nicely done commercials by the way. Maybe Visa will advertise on TvTonic... I remember SKS mentioning Visa on several occasions in the past...This deal IMO will bring Wave more customers/contracts...IMO.
http://www.itworld.com/transcriptgeersprague070703?page=0%2C1
Geer:
And what types of threats, as far as I guess plain speaking, end-result type of threats does this prevent, whether it's someone got my personal private information off my laptop or someone took control of my computer or something like this? What's a list of things that this chip would help prevent that aren't completely preventable without it today?
Sprague:
Well, so what a trusted platform module does is it eliminates the support, or the reliance on a consumer-known userID and password. If you tell me your userID and password to your Visa account, I can log on from any computer anywhere in the world. If that Visa account has done a key exchange with a trusted platform module, then I know that Steven Sprague, or the user, has provided a pin number to release the use of that trusted platform module to log me onto my Visa account. So you would have to know two things, my pin number and you'd have to have physical possession of my machine. And it's the reliance on those two different factors of authentication that makes for a very strong authentication session. And having this as a standard capability in every new PC means that ultimately a bank or an enterprise can rely on the fact that ultimately every user will have this same capability. So they can build one system that will support universal, strong authentication across all machines in the network.
http://www.isg.rhul.ac.uk/~kp/EEMV.pdf
"Recently, concerns over merchants running vulnerable payment applications have become so great that beginning in January 2008, Visa will begin implementing a series of mandates to eliminate the use of non-secure payment applications from the Visa payment system [51]. Visa will only accept payments from merchants using payment applications that adhere to, and have been validated against, Visa's Payment Application Best Practices (PABP) [50].
In summary, current CNP transaction processing cannot make use of the robust security features available from EMV-compliant ICC cards, and simply reverts to pre-EMV card authentication procedures. This weakness is now being ruthlessly and increasingly exploited by fraudsters, and closing this attack vector represents a significant challenge to the payment card industry."
"To combat the threats posed by malware TGs (and by merchants that are non-conformant with the PCI-DSS), we propose e-EMV, a system that makes use of Trusted Computing technology to securely emulate EMV for CNP transactions. We describe a system architecture encompassing user enrollment, deployment of software cards to customer platforms, card activation, and subsequent transaction processing. Our e-EMV proposal uses a combination of application software, a Trusted Platform Module (TPM) [45], a processor (with chipset extensions) [23] and Operating System (OS) support [34, 1] to securely emulate the functionality of a standard EMV-compliant card in software. We provide a detailed description, at the level of individual TPM commands, showing how this emulation is achieved. We also explain how the security features provided by Trusted Computing are used to obtain an appropriate level of security for our system..."
dude_danny
PC Sales Record a Strong First Quarter 2008 in EMEA with Growth Reaching 19%, Says IDC
http://www.idc.com/getdoc.jsp?containerId=prUK21194708
LONDON, April 21, 2008 — According to new preliminary data released by IDC EMEA, the first quarter of the year displayed very healthy trends for the PC industry in EMEA. Driven by continued strength in the notebook market in Western Europe and accelerated portable market expansion in the CEMA region (Central Eastern Europe, Middle East, and Africa), PC shipments recorded robust 19% growth compared with the same quarter in the previous year.
Notebooks continued to drive growth across the region with shipments recording an increase of over 43% year on year, while desktops suffered from the market contraction in Western Europe and declined by 1.7%, boosting the share of notebooks to over 55% of total EMEA shipments.
Demand for portable PCs remained strong in Western Europe as declining price points continued to assist SMB renewals and multiple equipment purchases in the consumer space. The competitive environment also intensified in the CEMA region, where vendors are driving increasing volumes and accelerating portable adoption.
"Despite its maturity, the Western European PC market showed no signs of slowing down as overall shipments increased by 12.6% year on year in 1Q08. Mobility undoubtedly remained the key engine of growth across both consumer and business segments. While the quarter started slowly, demand picked up in mid-February and, with a robust March, notebook shipments were boosted by over 30%, while desktop sales dropped by another 10%. The transition from desk-based to portable platforms accelerated further in the consumer space in particular, where notebooks were 70% of purchases," said Eszter Morvay, senior research analyst for IDC's EMEA PC tracker.
"The first quarter is traditionally buoyant with new product releases, which, coupled with strong vendor push and active marketing campaigns, stimulated accelerating notebook renewals. Competition, particularly with the arrival of Dell in the retail area, became even fiercer and the market continued to consolidate among the key international players. In addition, the growing share of etailers and the increasing presence of telco players, with the development of appealing Internet bundles, also contributed to price pressures and stimulated market expansion as well as multiple equipment purchases in European households, which is expected to be a key driving trend in 2008."
Growth in CEMA did not show any sign of slowing down either, with an acceleration of portable adoption that contributed to boosting EMEA growth to the 19% observed this quarter.
"The first quarter of the year again saw very strong growth in the CEMA region with shipments recording 31.3% growth year on year, driven by continued demand for desktops and booming notebook sales," said Stefania Lorenz, director, IDC CEMA Systems. "In contrast to declining trends in Western Europe, desktop sales continue to enjoy sustained growth in CEMA and represent over 50% of the market, with a 9.2% increase this quarter. This is driven by IT spending in the government and public sectors, SMB, and large enterprise segments. However, notebooks continue to grow at an impressive rate in both the CEE and MEA regions and exceeded expectations with an increase by 72.5% year on year in notebook shipments in 1Q08 for the two regions combined. Price competition among vendors is intensifying and, as prices for notebooks fall, they are becoming more affordable to home users who increasingly choose a notebook, rather than a desktop, as their first PC. International brands are strengthening their focus on the consumer market by selling through the major retail chains and shopping malls in some of the largest countries, while vendors also continue to increase their presence in the region through new alliances with distributors across countries."
"EMEA will clearly remain a major growth opportunity in 2008. While further market commoditization is expected as prices continue to decline, the current evolution of the market, including from a user behavior standpoint, is creating huge opportunities for the IT industry," said Karine Paoli, associate vice president, IDC EMEA Personal Computing group. "A large, and still growing, notebook installed base in the business market offers major replacement and up-sell opportunities, while the constant expansion and changing dynamics in the consumer space also offer major opportunities — faster replacement cycles and multiple equipment purchases — as well as differentiation as the market evolves towards increasing segmentation and usage scenarios."
"The market will also benefit from an expansion of the available routes-to-market. Vendors will continue to reinforce their channel strategies to support their expansion and drive profitable growth, as the battle for share will remain fierce in the business segment, while on the consumer side, retail will continue to play a pivotal role in driving market expansion and new product adoption. However, focus will also be placed on better addressing the etailer channel and the development of mobile broadband offerings with telcos."
"From a competitive environment standpoint, market concentration is likely to continue as vendors are looking at reinforcing their global capabilities and market reach, and as branding has become increasingly important. However, 2008 will continue to see a large number of players in the notebook space, with competition expected to be fierce among the major vendors while several other vendors will be looking at increasing their presence in EMEA and will potentially add pressure."
Vendor Highlights
HP maintained a strong performance in EMEA and continued to drive robust growth, reaching 28% in 1Q08, thanks to solid execution across all segments, which allows the vendor to take over 20% share of the total market. HP continued to drive share consolidation in the desktop space and robust share gains in both the commercial and consumer notebook market through an effective go-to-market, strong product portfolio, and aggressive pricing strategies.
Acer also continued to post strong gains and further reinforced its position in EMEA thanks to solid growth maintained in Western Europe, and outstanding growth of over 80% and 90% in CEE and MEA respectively, where the vendor maintains a strong expansion focus. The vendor also benefited this quarter from the share consolidation with Packard Bell, although with the acquisition still going through in 1Q08, the vendor was not yet able to fully leverage from the larger scale it will offer over the next quarters and from the multibrand strategy the vendor will deploy.
Dell's redefined strategy paid off and the vendor started 2008 posting over 70% growth of its consumer notebook sales in Western Europe in 1Q, which assists an overall solid performance at 21% in EMEA. The vendor's entry in the retail channel recorded a very encouraging success with strong traction on the Dell brand and product portfolio. The vendor also continued to maintain strong positions in the business segment, while continued expansion in CEE and MEA also contributed to the vendor's good quarter.
Fujitsu Siemens returned to positive shipment growth, albeit below market growth, driven by continued strength in the commercial notebook segment and healthy commercial desktop sales, especially in Germany where the vendor maintains a solid leadership. However, the consumer market remained challenging, as the vendor continues to suffer from the weakness of the consumer desktop market and fierce competition in the notebook space.
Toshiba continued to strengthen its fifth position in the overall EMEA ranking thanks to the strong position it maintained in the consumer notebook market in Western Europe, including in key countries such as the U.K. and Germany, though with a softer performance in France this quarter. However, the largest contributing factor for this quarter was the continued expansion of the vendor in CEMA, with over 80% growth achieved.
Lenovo, in sixth position, maintained strong performance in the commercial market across both desktop and notebook with over 30% shipment growth overall. Meanwhile, benefiting directly from the notebook market dynamics, Asus and Sony also displayed very healthy portable sales and continued to gain share in the region.
Top 5 Vendors: Europe, Middle East, and Africa (EMEA) PC Shipments* - 1Q08 (Preliminary) (000 Units)
| Vendor | 1Q07 | 1Q08 | Share 1Q07 | Share 1Q08 | 1Q08/1Q07 Growth |
|---|---|---|---|---|---|
| Hewlett-Packard | 3,777 | 4,853 | 19.1% | 20.7% | 28.5% |
| Acer (1) | 2,335 | 3,622 | 11.8% | 15.4% | 55.1% |
| Dell | 2,317 | 2,813 | 11.7% | 12.0% | 21.4% |
| Fujitsu Siemens | 1,420 | 1,550 | 7.2% | 6.6% | 9.2% |
| Toshiba | 984 | 1,350 | 5.0% | 5.8% | 37.1% |
| Others | 8,896 | 9,285 | 45.1% | 39.6% | 4.4% |
| Total | 19,729 | 23,475 | 100.0% | 100.0% | 19.0% |
| Acer/Gateway/Packard Bell (2) | 2,989 | 3,622 | 15.2% | 15.4% | 21.2% |
Source: IDC EMEA Quarterly PC Tracker, Preliminary Results, 1Q08, April 18, 2008
*PC shipments = desktop and notebooks.
(1) Acer shipments in 1Q08 include Acer, Gateway, and Packard Bell brands, following the recent acquisition by Acer of Gateway and Packard Bell.
(2) Acer, Gateway/eMachines and Packard Bell shipments for 1Q07 are provided here, aggregated in the additional row to allow easier year-on-year comparison. This is provided solely for comparison purposes, as the three companies were separate entities prior to the acquisitions.
Shipments are branded shipments for all form factors (including desktop and notebooks) and exclude x86 servers as well as OEM sales for all vendors. Data for all vendors is reported for calendar periods.
For more information on IDC's EMEA Quarterly PC Tracker or other IDC personal computing research services, contact Associate Vice President Karine Paoli, +44 (0) 20 8987 7218, or email kpaoli@idc.com. Alternatively, contact your local IDC office or visit www.idc.com
Nice Find Taxivader!
Good to see Samsung in the mix. I think some of their laptops use TPM 1.2 from Infineon...Maybe a change?
dude_danny
Patients' Data on Stolen Laptop
Identity Fraud Not Likely, NIH Says
By Ellen Nakashima and Rick Weiss
Washington Post Staff Writers
Monday, March 24, 2008; A01
http://www.washingtonpost.com/wp-dyn/content/article/2008/03/23/AR2008032301753_pf.html
A government laptop computer containing sensitive medical information on 2,500 patients enrolled in a National Institutes of Health study was stolen in February, potentially exposing seven years' worth of clinical trial data, including names, medical diagnoses and details of the patients' heart scans. The information was not encrypted, in violation of the government's data-security policy.
NIH officials made no public comment about the theft and did not send letters notifying the affected patients of the breach until last Thursday -- almost a month later. They said they hesitated because of concerns that they would provoke undue alarm.
The handling of the incident is reminiscent of a 2006 theft from the home of a Department of Veterans Affairs employee of a laptop with personal information about veterans and active-duty service members. In that case, VA officials waited 19 days before announcing the theft.
"The shocking part here is we now have personally identifiable information -- name and age -- linked to clinical data," said Leslie Harris, executive director of the Center for Democracy & Technology. "If somebody does not want to share the fact that they're in a clinical trial or the fact they've got a heart disease, this is very, very serious. The risk of identity theft and of revealing highly personal information about your health are closely linked here."
The incident is the latest in a number of failures by government employees to properly secure personal information. This month, the Government Accountability Office found that at least 19 of 24 agencies reviewed had experienced at least one breach that could expose people's personal information to identity theft.
Elizabeth G. Nabel, director of the National Heart, Lung and Blood Institute (NHLBI), said in a statement issued late Friday that "when volunteers enroll in a clinical study, they place great trust in the researchers and study staff, expecting them to act both responsibly and ethically." She said that "we deeply regret that this incident may cause those who have participated in one of our studies to feel that we have violated that trust."
NIH officials said the laptop was taken Feb. 23 from the locked trunk of a car driven by an NHLBI laboratory chief named Andrew Arai, who had taken his daughter to a swim meet in Montgomery County. They called it a random theft. Arai oversees the institute's research program on cardiac magnetic resonance imaging and signed the letters to those whose data was exposed.
In the letter, Arai told the patients that "some personally identifiable information" was on the stolen computer, including names, birth dates, hospital medical record numbers and MRI information reports, such as measurements and diagnoses. Social Security numbers, phone numbers, addresses and financial information were not on the laptop, officials said.
Arai's letter said that the NIH Center for Information Technology determined that the theft posed "a low likelihood of identity fraud" or financial harm. "It is, however, an unfortunate breach of our commitment to protect the confidentiality of your research records," he wrote.
An initial effort by information technology personnel failed to encrypt the laptop before it was stolen and Arai neglected to follow up, according to NHLBI spokeswoman Susan Dambrauskas.
According to a chronology provided by Dambrauskas, three offices that focus on information security within NIH and the Department of Health and Human Services were contacted within three days of the theft.
But officials did not report it to the NHLBI Institutional Review Board -- whose job is to protect the well-being of patients in research -- until Feb. 29, six days after the theft. That put the matter on the board's agenda for its next meeting, on March 4, according to the board's chairman, Alison Wichman.
"We didn't feel that subjects were at immediate risk," she said. "We felt that we had some time to be thorough in our evaluation. In the end, that may or may not have been appropriate."
NIH spokesman John T. Burklow said that during the meeting, the board had "long and intense" discussions about what to do, as "there were concerns about not causing patients undue alarm." The board nonetheless voted unanimously to ask Arai to draft a notification letter, Wichman said.
At its next meeting, on March 18, the board reviewed the letter. Two days later, it gave final approval.
After the theft of the VA laptop, which contained sensitive personal information about 26.5 million veterans and military service members, the Office of Management and Budget issued in 2006 guidelines recommending that portable electronic devices be routinely loaded with encryption software.
Last May, it decided to require such encryption unless a senior agency official certifies that the device does not contain sensitive information. It also required limiting remote access to sensitive data repositories to authorized users with two methods of authenticating their identity, and documenting whenever sensitive information is downloaded and by whom.
The OMB memo required that agencies report a suspected or confirmed breach of personally identifiable information to US-CERT, a Department of Homeland Security Computer Emergency Readiness Team, within one hour of discovery -- a deadline NIH says it met.
In the case of the VA data, the laptop and hard drive were recovered. The FBI confirmed that the data had not been compromised. Two burglars were caught and convicted.
Nabel, in her statement, said that since the NIH incident, "we are ensuring" that all the institute's laptop computers are encrypted and that staff members will be required to take regular computer security training. She also said "patient names, other identifying information, or identifiable medical information" will no longer be stored on laptop computers.
Oknpv...Wouldn't that be something...maybe Harvard and the other top Universities will get really serious about this and apply trusted computing to their systems...We'll see...Lee is not too far from Cambridge.
dude_danny
Harvard says hacker broke into system
Thu Mar 13, 9:02 AM ET
http://news.yahoo.com/s/ap/20080313/ap_on_hi_te/harvard_data_breach
CAMBRIDGE, Mass. - Harvard University is notifying thousands of graduate students and applicants that their personal information may have been exposed by a data breach.
The Ivy League school says a computer hacker gained entry to its server last month.
Harvard says about 10,000 of last year's applicants may have had their personal information compromised, with 6,600 having their Social Security numbers exposed.
The school says it will provide the applicants with free identity theft recovery services and help them with credit monitoring and fraud alerts.
Snackman/Awk: NICCCCCE Finds !!!
dude_danny
McAfee defends government over child database
It will be fine, honest
By Nick Farrell: Friday, 22 February 2008, 11:50 AM
http://www.theinquirer.net/gb/inquirer/news/2008/02/22/mcafee-defends-government-child
NAY-SAYERS against the government's central database plans have been slammed by insecurity experts McAfee for claiming that the operation will be less secure.
For those who came in late, Scottish Prime Minister Gordon Brown has been getting a bit of stick over a cunning plan to put every child's details onto a single database.
Instead of kiddies' details being held on a health, education or social services computer, they will be in one big one which can be linked to by the separate organisations.
Brown's thinking is that if it is all in one place, no one can lose it and it can be much more secure.
However there has been much outcry in some circles that this database will be a damn fine target for hackers and we could be letting our kids' data fall into the hands of terrorists, paedophiles and other sorts of people that we used to be able to lynch.
However Kim Camman, marketing manager at mobile device encryption specialist SafeBoot, a McAfee company, told the INQ that it was a silly idea to assume that data stored on one central database will present a bigger threat than data held on lots of little ones.
He said that the problem with the system is not the single database idea but the fact that the data might be unencrypted in transit.
One central database is likely to be far more secure, as it will allow all parties to access it in a more secure way, he said.
It will also reduce the need for sensitive information to be stored on multiple mobile devices and transported between departments.
He said that if the database is managed and protected properly with strict security protocols and policies, and all employees are educated in these procedures, it should make a significant difference to improving child protection.
Unfortunately we are talking about the government here and it does not have what even the most trusting, gullible, rose-tinted spectacle wearer could call a good track record on data security.
Vacationhouse: Very Nice!!! Thank you.
dude_danny
O.T. Google to Store Patients' Health Records
Feb 21, 7:32 AM (ET)
By MICHAEL LIEDTKE
http://apnews.myway.com/article/20080221/D8UUN0100.html
SAN FRANCISCO (AP) - Google Inc. (GOOG) will begin storing the medical records of a few thousand people as it tests a long-awaited health service that's likely to raise more concerns about the volume of sensitive information entrusted to the Internet search leader.
The pilot project to be announced Thursday will involve 1,500 to 10,000 patients at the Cleveland Clinic who volunteered to an electronic transfer of their personal health records so they can be retrieved through Google's new service, which won't be open to the general public.
Each health profile, including information about prescriptions, allergies and medical histories, will be protected by a password that's also required to use other Google services such as e-mail and personalized search tools.
Google views its expansion into health records management as a logical extension because its search engine already processes millions of requests from people trying to find out more information about an injury, illness or recommended treatment.
But the health venture also will provide more fodder for privacy watchdogs who believe Google already knows too much about the interests and habits of its users as its computers log their search requests and store their e-mail discussions.
Prodded by the criticism, Google last year introduced a new system that purges people's search records after 18 months. In a show of its privacy commitment, Google also successfully rebuffed the U.S. Justice Department's demand to examine millions of its users' search requests in a court battle two years ago.
The Mountain View-based company hasn't specified a timetable for unveiling the health service, which has been the source of much speculation for the past two years. Marissa Mayer, the Google executive overseeing the health project, has previously said the service would debut in 2008.
Contacted Wednesday, a Google spokesman declined to elaborate on its plans. The Associated Press learned about the pilot project from the Cleveland Clinic, a not-for-profit medical center founded 87 years ago.
The clinic already keeps the personal health records of more than 120,000 patients on its own online service called MyChart. Patients who transfer the information to Google would still be able to get the data quickly even if they were no longer being treated by the Cleveland Clinic.
"We believe patients should be able to easily access and manage their own health information," Mayer said in a statement supplied by the Cleveland Clinic.
The Cleveland Clinic decided to work with Google "to create a more efficient and effective national health care system," said C. Martin Harris, the medical center's chief information officer.
Google isn't the first high-tech heavyweight to set up an online filing cabinet in an effort to make it easier for people to get their medical records after they change doctors or health insurance plans.
Rival Microsoft Corp. (MSFT) last year introduced a similar service called HealthVault, and AOL co-founder Steve Case is backing Revolution Health, which also offers online tools for managing personal health histories.
The third-party services are troublesome because they aren't covered by the Health Insurance Portability and Accountability Act, or HIPAA, said Pam Dixon, executive director of the World Privacy Forum, which just issued a cautionary report on the topic.
Passed in 1996, HIPAA established strict standards that classify medical information as a privileged communication between a doctor and patient. Among other things, the law requires a doctor to notify a patient when subpoenaed for a medical record.
That means a patient who agrees to transfer medical records to an external health service run by Google or Microsoft could be unwittingly making it easier for the government or some other legal adversary to obtain the information, Dixon said.
If the medical records aren't protected by HIPAA, the information conceivably also could be used for marketing purposes.
Google, which runs the Internet's most lucrative ad network, typically bases its marketing messages on search requests and the content on Web pages and e-mail contained in its computers.
It's not clear how Google intends to make money from its health service. The company sometimes introduces new products without ads just to give people more reason to visit its Web site, betting the increased traffic will boost its profits in the long run.
Stolen laptop can finger crims then self destruct
Holy triangulation Batman
http://www.theinquirer.net/gb/inquirer/news/2008/02/19/stolen-laptop-finger-crims-self
By Ambrose McNevin: Tuesday, 19 February 2008, 2:45 PM
A UK firm says it has developed a WiFi laptop tracking security app which destroys its own data when moved beyond the network.
It claims that its Backstopp product uses IP addressing, RFID tags and GPS triangulation to keep an eye on laptops. If the machine is moved to somewhere it shouldn’t be then a self destruct can be triggered or set to go off automatically.
Should the lappy have a built in web cam, it can also be programmed to take pictures of whoever stole it and beam them back to the network. The firm is not claiming that it is a first line of defence but says it is a useful security addition.
"The vast majority (of laptops) are not stolen for their data, but the ultimate recipient will often come across the data and use it for criminal purposes. This solution prevents that illicit use," commented Dean Bates, CTO of Virtuity.
It costs a tenner a month to set up.
A GPS connection is in development which will be able to destroy data and get photos of the culprits out without needing WiFi.
Bankdata Upgrades Network Security with Juniper Networks Remote Access Solution
Tuesday February 19, 8:00 am ET
Speed, Security and Simplicity Maximized for Customers and Remote Workers
http://biz.yahoo.com/bw/080219/20080219005294.html?.v=1
SUNNYVALE, Calif.--(BUSINESS WIRE)--Juniper Networks, Inc. (NASDAQ:JNPR), the leader in high-performance networking, today announced that Bankdata, a leading financial services provider in Denmark, has chosen the Juniper Networks market-leading Secure Access SSL VPN solutions to provide safe yet easy access to key applications and other corporate network resources for Bankdata’s international workforce and customers.
Bankdata needed a cost-effective way to provide its remote workers in India with seamless access to the corporate network in Denmark to optimize productivity and efficiency, without exposing the network to risk from hackers, malware and other threats that could jeopardize service quality and data integrity. The company also wanted to provide secure customer access to financial applications hosted within the corporate network, without the capital and operational expense of creating an extranet to limit third party access to specific applications only.
“To maintain trust and meet strict financial regulatory compliance requirements, we must optimize data security and services reliability for customers and remote employees. Equally, security deployments cannot become operational bottlenecks, so ease of use and performance were important factors in our choice of a remote access solution,” said Claus Piessenberger, head of department, Network Security and Infrastructure at Bankdata. “Juniper’s high-performance network infrastructure solutions have provided Bankdata with greater choice and control over its network options and application delivery for remote users.”
Juniper’s Secure Access solutions meet Bankdata’s high-performance networking requirements by providing a Web browser-based solution that enables rapid remote access service roll out on a per-user basis, without having to install and manage individual client software on devices. Each remote user’s profile specifies which application and data resources they are entitled access to within Bankdata’s infrastructure, to help protect sensitive data from misuse by unauthorized employees and customers.
Secure Access solutions can also automatically perform a dynamic “health check” on each remote user’s laptop or access device and verify identity credentials against Bankdata’s preset central policy before access is granted, to minimize the risk to the corporate network. If a user’s device is found not to have appropriate antivirus, personal firewalls and other security elements in place, or if the device has already been compromised by malware, the session will not be granted - or terminated if the security stance changes mid-session.
“Success in financial services is all about trust, reliability and speed,” said Gert-Jan Schenk, senior vice president of operations, EMEA, Juniper Networks. “By deploying the Secure Access solution from Juniper Networks, Bankdata provides an automated solution to support the diverse security needs of its customers and remote employees from a single platform.”
The implementation was managed by TopNordic, a Juniper J-Partner in the Nordic region.
Online Seminar - Sneak Preview to Windows 2008: What's New and What Early Adopters have Experienced with Windows "Longhorn" Server; Feb 27, 2008
Nice Find goepling!
http://www.convergentcomputing.com/win2008.htm
dude_danny
BlackBerrys squashed by Whitehall data ban
PDAs and mobiles withdrawn during crackdown
http://www.silicon.com/publicsector/0,3800010403,39169917,00.htm
By Nick Heath
Published: Monday 4 February 2008
Government BlackBerrys and PDAs have been grounded by the Whitehall-wide ban on the movement of unencrypted personal data.
The devices have fallen foul of the department-wide ban imposed by cabinet secretary Sir Gus O'Donnell in the wake of the revelations about the Ministry of Defence data loss last month that resulted from a stolen laptop.
The Cabinet Office confirmed that any government electronic device, even down to a mobile phone, would have to have any personal data encrypted before it could leave Whitehall premises.
The Department of Health, Ministry of Justice, Department for Work and Pensions (DWP) and Ministry of Defence would not reveal how many portable devices were temporarily out of action but the Government Car and Despatch Agency has withdrawn 14 PDAs.
But other government departments have developed workarounds to minimise the disruption caused by the lockdown.
A spokesman for the Cabinet Office said: "The ban applies to any mobile device with storage capacity that contains personal data. There are systems in place and various workarounds that people are using to avoid work being disrupted."
He said government departments were prioritising the encryption process so the most heavily used machines were brought back into use first.
A DWP spokeswoman said its officials are working on overcoming problems caused by the ban.
She said: "For our customers it's been business as usual, as services have been unaffected. The temporary suspension has led to minor delays in some of our back office work, however, these are now being cleared."
Last month defence Secretary Des Browne admitted that three MoD laptops containing around 600,000 details of servicemen and recruits have been stolen since 2005. In addition, figures obtained by the Conservatives claim the department has lost a total of 347 laptops since 2004.
Sir Edmund Burton, chairman of the Information Advisory Council, is examining weaknesses in the MoD data security procedures and there is an ongoing cross-government review of data handling following HM Revenue & Customs' loss of 25 million child benefit claimants' details in the post.
The government has suffered a catalogue of embarrassing security breaches, which includes the NHS losing hundreds of thousands of patients' records, the DVLA losing three million learner drivers' details and the loss of more than 4,000 patient details by primary care trusts in Stockport and Oldham.
Getting The TPM To Market Itself
https://www.trustedcomputinggroup.org/blog/
February 4th, 2008 by Rob Enderle
One of the difficulties with security technology is that it isn’t easily marketed. Unlike with processors or graphics cards that increase performance, buyers don’t want people to know they may have highly sensitive data on their systems, or to communicate what they have protecting it. This combines the problem of having firms who are the most interested in security, and the most unlikely to want to become advocates, with the insurance style of selling where you have to make the risks seem imminent before you can get movement. However, there are advantages that can be communicated that people might advocate, and let’s talk about those this week.
HP and the Thin Client Connection
Last week I was with HP and we were discussing the problems of marketing thin client computers and blade PCs which, particularly in their mobile form, are vastly more secure than any other type of personal computer because they don’t store much data and instead rely on much more secure remote resources.
The problem that was discussed was similar to the one facing the TCG in that the very customers that were using the technology were the least likely to want to talk about it. We are talking very secure government, military, healthcare, and financial services sites.
The idea that these folks would want to put any type of an indicator on their equipment that would market just how secure they were was widely derided by the large analyst firms in the room, and rightly so. Except if this made the hardware less likely to be stolen in the first place.
You see, the advantage that may be attractive to communicate isn’t that there is information in the box that is worth stealing, but that the box itself is worthless if stolen, as the vast majority of thefts are to get the hardware and not the data. In the case of thin client laptops, both the data AND the hardware are worthless and, without moving to thin clients, a system with a full TPM implementation could enjoy the same benefit.
Applied to the TPM
Implemented properly, a TPM-enabled and encrypted hard drive is a brick unless the user has the key, and the key can be made revocable, bricking the laptop. In fact, enhancing this so that there was a solution where, even when the hard drive was replaced by a thief, the end result would still be a brick would likely even further enhance this value.
Now a sticker on the laptop indicating that it had technology that bricked it in plain sight would likely prevent most thefts in the first place and might increase the number of returns when lost as the product would have no use outside of its intended user. In addition, employees would become more likely to return products once their employment was terminated, and anyone gaining unauthorized access to the machines would be less likely to gain access to sensitive data.
The sticker could simply say “Warning This Laptop Is TPM Protected, if Lost or Stolen it Will Not Function, Please Notify _____” if found. Just seeing the sticker should get the thief to look for something else, and given this will actually be the case, the experienced thief is more likely to avoid these boxes.
The result would be a growing number of laptops and desktops that are advertising that their TPMs are turned on and functioning and increasing pressure on IT to make that happen.
The goal would be to come up with a common sticker and tie it to the activation of the related technology. If the sticker is used but the technology isn’t, then the sticker loses credibility and the program fails, so ensuring compliance, initially, is more important than getting broad coverage, as you’d want to build credibility first.
Bush looks to beef up protection against cyberattacks
Siobhan Gorman in Washington | January 28, 2008
PRESIDENT Bush has promised a frugal budget proposal next month, but one big-ticket item is stirring controversy: an estimated $US6 billion ($6.83 billion) to build a secretive system protecting US communication networks from attacks by terrorists, spies and hackers.
Administration officials and lawmakers say that the prospect of cyberterrorists hacking into a nuclear-power plant or paralysing Wall Street is becoming possible, and that the US isn't prepared. This is "one area where we have significant work to do," Homeland Security Secretary Michael Chertoff said in a recent interview.
The White House's proposal has already dismayed lawmakers concerned about civil-liberties violations. Democratic lawmakers are also frustrated by what they see as the White House's refusal to provide details of the program, and say that could threaten the fate of the initiative.
Protecting private computer systems would likely require the government to install sensors on private, company networks, officials familiar with the initiative said. Amid divisiveness about other government-surveillance programs, having the government monitor internet traffic, even in the name of national security, will be a hard sell to Congress and the public.
Cybersecurity specialists say the threat ranges from terrorists hacking into nuclear-power control systems, banks or subways, to foreign governments secretly implanting software to siphon off Pentagon secrets from the government and military contractors.
Last week, a Central Intelligence Agency analyst reported that cyberattacks have disrupted power equipment in unspecified regions outside the US. In at least one case, he said, the attack knocked out power in multiple cities. The outages were followed with extortion demands.
The US government has been monitoring cyberattacks on US systems under a program with the moniker Byzantine Hades. It has tracked, among other threats, continuing operations from China against US computer systems, according to former intelligence officials. They say the program has discovered what appear to be efforts from China to collect information on specific types of US military programs, such as "quiet drive" technology that helps submarines evade detection. Some US officials believe such espionage is connected to the Chinese government.
Homeland Security counted 37,258 attacks on government and private networks last year, compared with 4,095 in 2005, the first year it started counting standardized data.
The administration's plan is to reduce points of access between the internet and the government and to use sensors to detect intrusions displaying potentially nefarious patterns, said former top intelligence officials. The program would first be used on government networks and then adapted to private networks. Former officials said the final price tag is approaching an estimated $US30 billion over seven years, including a 2009 infusion of around $US6 billion, though those numbers could change significantly as the plan develops.
Access to private networks will be a major sticking point because intelligence agencies, including the National Security Agency, are to play prominent roles.
"We need to be very careful," Mr Chertoff said. "There is a lot of thought being given to: How do you organise this in a way that protects an incredibly valuable asset in the United States but does it in a way that doesn't alarm reasonable people, and I underline reasonable people, in terms of civil liberties?"
House Homeland Security Committee Chairman Bennie G. Thompson, a Mississippi Democrat, wants the administration to put the program on hold until it can answer congressional concerns. "We don't want to unconstitutionally infringe on the rights of private business under the guise of this new program," Mr Thompson said.
He said he was particularly irked to learn that Mr Bush had signed a classified directive that outlines how the White House proposes to bolster security of government networks weeks ago but "has refused to share (the directive) with Congress."
White House spokesman Scott Stanzel said the White House is giving "careful consideration" to Mr Thompson's request for the January 8 directive, which he described as "a continuation of our efforts to secure government networks, protect against constant intrusion attempts, address vulnerabilities and anticipate future threats."
The structure of the initiative has also been under debate. Officials in Director of National Intelligence Mike McConnell's office argued for a centralised approach, according to a former senior government official. But they appear to have lost the fight in favor of a structure that would dole out responsibilities, and slices of the budget, to individual agencies, two former officials said.
The CIA and the Pentagon didn't want other agencies mucking about in their computer networks; other agencies sought to maintain exclusive relationships with certain industries. Some security experts warn a dispersed structure will invite bureaucratic turf wars. Mr McConnell's office declined repeated requests for an interview.
Current and former officials said the effort could be scaled back to primarily protect government networks. They would then do what is possible to help the private sector improve its security. Mr McConnell has said 95 per cent of the problem lies with the private sector.
Bush Looks to Beef Up Protection Against Cyberattacks
By Siobhan Gorman
http://online.wsj.com/article/SB120147963641320851.html?mod=googlenews_wsj
WASHINGTON -- President Bush has promised a frugal budget proposal next month, but one big-ticket item is stirring controversy: an estimated $6 billion to build a secretive system protecting U.S. communication networks from attacks by terrorists, spies and hackers.
Administration officials and lawmakers say that the prospect of cyberterrorists hacking into a nuclear-power plant or paralyzing Wall Street is becoming possible, and that the U.S. isn't prepared. This is "one area where we have significant work to do," Homeland Security Secretary Michael Chertoff said in a recent interview.
The White House's proposal has already dismayed lawmakers concerned about civil-liberties violations. ...
O.T. French Bank Says Trader Hacked Computers
Sunday January 27, 4:59 pm ET
By Jenny Barchfield and John Leicester, Associated Press Writers
French Bank Societe Generale Says Trader Who Bet $73 Billion Used Multiple Fraud Techniques
http://biz.yahoo.com/ap/080127/france_bank_fraud.html
PARIS (AP) -- Societe Generale said Sunday that a trader who evaded all its controls to bet $73.5 billion -- more than the French bank's market worth -- on European markets hacked computers and "combined several fraudulent methods" to cover his tracks, causing billions in losses.
The bank says the trader, Jerome Kerviel, did not appear to have profited personally from the transactions and seemingly worked alone -- a version reiterated Sunday by Jean-Pierre Mustier, chief executive of the bank's corporate and investment banking arm.
But, in a conference call with reporters, Mustier added: "I cannot guarantee to you 100 percent that there was no complicity."
Kerviel's lawyer said the accusations of wrongdoing against his client were being used to hide bad investments by the bank related to subprime mortgages in the United States.
"He didn't steal anything, take anything, he didn't take any profit for himself," the lawyer, Christian Charriere-Bournazel, told The Associated Press by telephone. "The suspicion on Kerviel allows the considerable losses that the bank made on subprimes to be hidden."
Officials said Kerviel was cooperating with police, who held him for a second day of questioning Sunday, seeking answers to what, if confirmed, would be the biggest-ever trading fraud by a single person.
The questioning was "going very well and the investigation led by the specialists of the financial police is extremely fruitful," said Jean-Michel Aldebert, head of the financial section of the Paris prosecutor's office.
Kerviel was giving "very interesting" explanations, Aldebert added. "From what he told me, he was fine psychologically." He refused to say whether Kerviel might face preliminary charges.
Kerviel, 31, has not been seen in public since the bank's bombshell revelation Thursday that his unauthorized trades resulted in 4.9 billion euros ($7.1 billion) in losses.
Even before his massive alleged fraud came to light, Kerviel had apparently triggered occasional alarms at Societe Generale -- France's second-largest bank -- with his trading, but not to a degree that led managers to investigate further.
"Our controls basically identified from time to time problems with this trader's portfolio," Mustier said.
But Kerviel explained away the red flags as trading mistakes, Mustier added.
"The trade was canceled, there was no specific follow-up to do," he said. "From our understanding today, the number of mistakes was not higher than (for) any other trader, so from our understanding that was not a reason to ring a bell."
Kerviel's lawyer said the trader made money for the bank through 2007 and has since been "thrown to the wolves of public opinion."
"He made profits for the bank until Dec. 31. From Jan. 1, he took risky positions like all traders," said Charriere-Bournazel, who is also president of the Paris bar association.
In a five-page statement Sunday, the bank said Kerviel used its money to build massive positions in futures contracts tied to the performance of baskets of stocks traded on exchanges in London, Paris, Frankfurt and other European markets.
Since those bets greatly exceeded the amount of capital he was allowed to put at risk, Kerviel entered fictitious and offsetting trades in Societe Generale's computer system that appeared to minimize the odds of big losses, the bank said. The trades were purposely chosen to avoid detection because they did not require cash contributions and were not subject to margin calls, which would require putting up more money if the fictitious bet soured, it said.
The bank said he plowed 30 billion euros ($44.1 billion) into the Eurostoxx index, another 18 billion euros ($26.5 billion) on the DAX in Germany and 2 billion euros ($2.9 billion) on the FTSE in London. The combined value of those positions, 50 billion euros ($73.5 billion), is far more than the bank's market capitalization of 35.9 billion euros ($52.6 billion), and close to the annual GDP of countries such as Slovakia, Qatar or Libya.
Societe Generale took three days last week to sell or offset with hedges his contracts, which amounted to bets on whether market indexes would rise or fall. But the bank sought Sunday to counter suggestions that its sell-off had caused already falling markets to plummet further than they otherwise might have done. The bank said it unwound Kerviel's positions in "a controlled fashion."
"Our impact on the market was quite minimal," Mustier said.
Societe Generale said Kerviel misappropriated other people's computer access codes, falsified documents and employed other methods to cover his tracks -- helped by his previous years of experience when he worked in other offices at the bank that monitor traders. Acquaintances described Kerviel as reserved and considerate, a young man who once taught children judo and held the door for elderly neighbors.
Kerviel's downfall started in the days before Friday, Jan. 18, when Societe Generale tightened lending restrictions on one of its customers, an unnamed large bank. He had apparently used that bank's name for one or more of his fictitious trades, and it led to what Societe Generale described as having "additional controls" put in place.
Kerviel's superiors in Societe Generale's equity trading division reviewed an e-mail that day from the large bank supposedly confirming trades he had booked. But they were suspicious about where the e-mail came from and launched an emergency investigation.
A day later, Kerviel was called to Societe Generale to explain. In the meantime, bank investigators confirmed that the large bank did not know about the trades.
After first not providing a clear explanation, Kerviel eventually confirmed that he had entered fictitious trades, the bank said. It then took a bank team throughout the night and into Sunday, Jan. 20, to identify all the exposure. Societe Generale's chief executive, Daniel Bouton, notified the governor of the Bank of France that day, and a decision was made to unwind the trades as quickly and as quietly as possible.
A complicating factor was that the bank was finishing work that Sunday on details of a separate announcement about the size of the multi-billion-dollar charge it would take for bad bets on mortgage-related investments in the U.S. News of that misstep was delayed until Thursday, when along with the fraud losses, the bank said it would take a 2.05 billion euro ($2.99 billion) write-down.
Societe Generale traders began unwinding Kerviel's losing bets at the beginning of European trading on Monday, just as Asian markets were in a free-fall and European shares were poised to plummet after a big drop in U.S. markets on the previous Friday. It took until Wednesday to finally close the books on Kerviel's adventures, the bank said.
Kerviel's lawyer cast suspicion on the way Societe Generale unwound the position, saying it did so in "totally unusual conditions."
"This decision was driven by other motives," he claimed, without elaborating.
Some experts have suggested Societe Generale may have exacerbated the fall and indirectly led to the U.S. Federal Reserve's subsequent decision to cut rates.
But in its explanatory note released on Sunday, the bank defended itself by saying the trades represented no more than 8.1 percent of the volume in futures trading each day on the Eurostoxx, DAX and FTSE.
Mustier said Kerviel's motivations were still unclear. "We don't know, we don't understand" what drove him to do it, he said.
"This event is a massive shock for us," he said.
The bank said Kerviel built up two portfolios of investments -- but that one of them consisted of "fictional operations," leaving the bank hugely exposed.
"In order to ensure that these fictitious operations were not immediately identified, the trader used his years of experience in processing and controlling market operations to successively circumvent all the controls which allow the bank to check the characteristics of the operations carried out by its traders," the bank's statement said.
"He had a very good understanding of all of Societe Generale's processing and control procedures."
It was the bank's most detailed explanation yet of the debacle that has further rattled the banking industry, already reeling from the subprime mortgage crisis in the U.S. Some observers have said the crisis could also leave the bank vulnerable to a takeover.
An aide to French President Nicolas Sarkozy suggested the state could step in to prevent any possible hostile bids.
"I think the state will not stand idly by if any predator attempts to take advantage of the situation," Henri Guaino told RTL radio on Sunday.
The situation has prompted calls for tighter regulation -- 13 years after trader Nick Leeson, whose illegal speculation bankrupted British bank Barings, first highlighted the potential risks from rogue traders operating without proper oversight.
Associated Press Writer Pierre-Antoine Souchard in Paris and AP Business Writer Chuck Hawkins in New York contributed to this report.
Stolen M&S laptop contains 26,000 pension details
ICO demands overhaul of data security…
http://www.silicon.com/retailandleisure/0,3800011842,39169821,00.htm
By Nick Heath
Published: Friday 25 January 2008
Retailer Marks & Spencer (M&S) could face prosecution if it does not comply within two months to the overhaul of its data security after losing 26,000 employees' pension details.
The Information Commissioner's Office (ICO) has threatened the retail giant with possible prosecution after the unencrypted data on a laptop was stolen from a contractor.
Names, addresses, national insurance numbers and information about pension plans - including wages but not bank account details - of the UK workers were on the machine.
M&S now has until 1 April to ensure all laptop hard drives are fully encrypted.
The ICO served the enforcement notice on 23 January after M&S would not agree to the ICO publicising the changes it demanded in data security at the company.
A spokesman for the ICO said: "There is no evidence that any employees suffered ID fraud but there is always that risk with this type of information."
Mick Gorrill, assistant commissioner at the ICO, added in a statement: "It is essential that before a company allows personal information to leave its premises on a laptop there are adequate security procedures in place to protect personal information, for example, password protection and encryption.
"If organisations fail to introduce safeguards to protect information they risk losing the trust and confidence of both employees and customers."
The data was stolen from the home of the MD of a company that was preparing pension change statements for M&S.
The ICO found that M&S breached the Data Protection Act by not taking appropriate measures to ensure the security of its data by making sure the laptop data was encrypted.
The enforcement notice says the Information Commissioner Richard Thomas takes the view that damage or distress is likely as a result of personal data getting into the hands of unauthorised persons.
A spokeswoman for M&S said: "We have been working with the ICO since we knew what had happened. We have been encrypting all hard drives since October last year."
She said the firm had informed all employees by letter the moment it found out about the theft, set up a helpline for affected workers and provided them with unlimited credit checks with Experian.
Last year Gordon Brown announced that the ICO would be given increased powers to conduct spot checks of government departments.
The Information Commissioner has called for these powers to be extended to cover all public bodies and private sector organisations.
University flunks NAC endpoint checks
http://www.networkworld.com/newsletters/vpn/2008/1231nac2.html
At Columbia University Medical Center more than half the machines using the network flunked endpoint checks
Security: Network Access Control Alert Newsletter
By Tim Greene, Network World, 01/03/08
Use of NAC at Columbia University Medical Center in New York City revealed that slightly more than half the machines using the network flunked endpoint checks.
As part of the school’s pilot of Bradford Networks’ NAC gear, machines were scanned as they tried to gain network access during the 2007 summer session, according to a recent presentation by the company at Network World’s IT Roadmap event in Washington, D.C.
The equipment found that 53% of the machines either lacked operating system patches or virus updates that were required for any machine joining the network.
This finding points out the importance of running trials before turning on NAC devices. Many network executives have endpoint configuration policies in place, and may even use automated update platforms to keep them in compliance, but compliance may be dismal nevertheless.
Some early adopters have reported that they turned NAC on without first running it in monitoring mode and had a horrible surprise. And so did their end users. Machines out of compliance were rejected, so many that the company help desk was swamped with complaints from users denied network access.
Running NAC in monitoring mode, identifying the scope of the problem and remediating it before initially turning on the devices in enforcement mode can save these headaches, particularly if the NAC gear doesn’t automatically direct users to remediation.
To view presentations from the Network World IT Roadmap event, go here, you’ll have to create an account with a user name and password. There’s no questionnaire, so it’s pretty fast. Then choose Washington, D.C. from the dropdown menu.
Tim Greene is a senior editor at Network World, covering network access control, virtual private networking gear, remote access, WAN acceleration and aspects of VoIP technology. You can reach him at tgreene@nww.com.
AT&T and Other ISPs May Be Getting Ready to Filter
By Brad Stone
January 8, 2008, 7:07 pm
http://bits.blogs.nytimes.com/2008/01/08/att-and-other-isps-may-be-getting-ready-to-filter/index.html
For the past fifteen years, Internet service providers have acted - to use an old cliche - as wide-open information super-highways, letting data flow uninterrupted and unimpeded between users and the Internet.
But ISPs may be about to embrace a new metaphor: traffic cop.
At a small panel discussion about digital piracy here at NBC’s booth on the Consumer Electronics Show floor, representatives from NBC, Microsoft, several digital filtering companies and telecom giant AT&T said the time was right to start filtering for copyrighted content at the network level.
Such filtering for pirated material already occurs on sites like YouTube and Microsoft’s Soapbox, and on some university networks.
Network-level filtering means your Internet service provider – Comcast, AT&T, EarthLink, or whoever you send that monthly check to – could soon start sniffing your digital packets, looking for material that infringes on someone’s copyright.
“What we are already doing to address piracy hasn’t been working. There’s no secret there,” said James Cicconi, senior vice president, external & legal affairs for AT&T.
Mr. Cicconi said that AT&T has been talking to technology companies, and members of the MPAA and RIAA, for the last six months about implementing digital fingerprinting techniques on the network level.
“We are very interested in a technology based solution and we think a network-based solution is the optimal way to approach this,” he said. “We recognize we are not there yet but there are a lot of promising technologies. But we are having an open discussion with a number of content companies, including NBC Universal, to try to explore various technologies that are out there.”
Internet civil rights organizations oppose network-level filtering, arguing that it amounts to Big Brother monitoring of free speech, and that such filtering could block the use of material that may fall under fair-use legal provisions — uses like parody, which enrich our culture.
Rick Cotton, the general counsel of NBC Universal, who has led the company’s fights against companies like YouTube for the last three years, clearly doesn’t have much tolerance for that line of thinking.
“The volume of peer-to-peer traffic online, dominated by copyrighted materials, is overwhelming. That clearly should not be an acceptable, continuing status,” he said. “The question is how we collectively collaborate to address this.”
I asked the panelists how they would respond to objections from their customers over network level filtering – for example, the kind of angry outcry Comcast saw last year, when it was accused of clamping down on BitTorrent traffic on its network.
“Whatever we do has to pass muster with consumers and with policy standards. There is going to be a spotlight on it,” said Mr. Cicconi of AT&T.
After the session, he told me that ISPs like AT&T would have to handle such network filtering delicately, and do more than just stop an upload dead in its tracks, or send a legalistic cease and desist form letter to a customer. “We’ve got to figure out a friendly way to do it, there’s no doubt about it,” he said.
O.T. South Korea's military on alert against overseas hackers: ministry
January 3, 2008 - 3:52PM
http://news.smh.com.au/skoreas-military-on-alert-against-overseas-hackers-ministry/20080103-1k0x.html
South Korea's military has been put on alert against overseas hackers who have gained access to some soldiers' personal computers, the defence ministry said Thursday.
It did not identify the country where the hackers are based but Chosun Ilbo newspaper said it was China.
The Defence Security Command, which handles counter-intelligence, this week warned all military units to be on the alert against hacking, a ministry spokesman said.
"The alert was issued after the counter-intelligence command found 'third-nation' hackers had successfully broken into some soldiers' computers via e-mails to steal private data," the spokesman told AFP.
"No military information has been leaked."
The South's military runs its own Intranet, usually disconnected from the Internet, and also has separate servers for processing confidential data, he said.
But the command instructed troops to keep no official data on personal computers and also to update anti-virus programmes.
The spokesman said hackers used emails entitled in Korean "Current state of the North Korean army's capabilities" to arouse the curiosity of soldiers. The hacking virus starts working when the emails are opened.
Chosun Ilbo said military investigators had traced the hackers to China but failed to identify whether they are ordinary citizens or military personnel.
It noted that China launched a military unit called NET Force to carry out online warfare against enemy computer networks in 2000, with one million civilian "red hackers" operating in the country.
The Korea Institute for Defence Analyses, a state think-tank affiliated with the defence ministry, said one of its researchers had his computer hacked by a Chinese in 2004.
"The Chinese hacker took out private data, neither official nor confidential, from the researcher's personal computer while pretending to be a Korean e-mailer," a spokesman told AFP.
South Korea is one of the world's most wired societies with 34 million people or 70 percent of the population using the Internet.
If Your Hard Drive Could Testify ...
By ADAM LIPTAK
January 7, 2008
http://www.nytimes.com/2008/01/07/us/07bar.html?ei=5090&en=d0caa6c9bacf76ed&ex=1357362000&adxnnl=1&partner=rssuserland&emc=rss&adxnnlx=1199714806-NZ2agd4Kikkv8hShxGsvKg&pagewanted=print
A couple of years ago, Michael T. Arnold landed at the Los Angeles International Airport after a 20-hour flight from the Philippines. He had his laptop with him, and a customs officer took a look at what was on his hard drive. Clicking on folders called “Kodak pictures” and “Kodak memories,” the officer found child pornography.
The search was not unusual: the government contends that it is perfectly free to inspect every laptop that enters the country, whether or not there is anything suspicious about the computer or its owner. Rummaging through a computer’s hard drive, the government says, is no different than looking through a suitcase.
One federal appeals court has agreed, and a second seems ready to follow suit.
There is one lonely voice on the other side. In 2006, Judge Dean D. Pregerson of Federal District Court in Los Angeles suppressed the evidence against Mr. Arnold.
“Electronic storage devices function as an extension of our own memory,” Judge Pregerson wrote, in explaining why the government should not be allowed to inspect them without cause. “They are capable of storing our thoughts, ranging from the most whimsical to the most profound.”
Computer hard drives can include, Judge Pregerson continued, diaries, letters, medical information, financial records, trade secrets, attorney-client materials and — the clincher, of course — information about reporters’ “confidential sources and story leads.”
But Judge Pregerson’s decision seems to be headed for reversal. The three judges who heard the arguments in October in the appeal of his decision seemed persuaded that a computer is just a container and deserves no special protection from searches at the border. The same information in hard-copy form, their questions suggested, would doubtless be subject to search.
The United States Court of Appeals for the Fourth Circuit, in Richmond, Va., took that position in a 2005 decision. It upheld the conviction of John W. Ickes Jr., who crossed the Canadian border with a computer containing child pornography. A customs agent’s suspicions were raised, the court’s decision said, “after discovering a video camera containing a tape of a tennis match which focused excessively on a young ball boy.”
It is true that the government should have great leeway in searching physical objects at the border. But the law requires a little more — a “reasonable suspicion” — when the search is especially invasive, as when the human body is involved.
Searching a computer, said Jennifer M. Chacón, a law professor at the University of California, Davis, “is fairly intrusive.” Like searches of the body, she said, such “an invasive search should require reasonable suspicion.”
An interesting supporting brief filed in the Arnold case by the Association of Corporate Travel Executives and the Electronic Frontier Foundation said there have to be some limits on the government’s ability to acquire information.
“Under the government’s reasoning,” the brief said, “border authorities could systematically collect all of the information contained on every laptop computer, BlackBerry and other electronic device carried across our national borders by every traveler, American or foreign.” That is, the brief said, “simply electronic surveillance after the fact.”
The government went even further in the case of Sebastien Boucher, a Canadian who lives in New Hampshire. Mr. Boucher crossed the Canadian border by car about a year ago, and a customs agent noticed a laptop in the back seat.
Asked whether he had child pornography on his laptop, Mr. Boucher said he was not sure. He said he downloaded a lot of pornography but deleted child pornography when he found it.
Some of the files on Mr. Boucher’s computer were encrypted using a program called Pretty Good Privacy, and Mr. Boucher helped the agent look at them, apparently by entering an encryption code. The agent said he saw lots of revolting pornography involving children.
The government seized the laptop. But when it tried to open the encrypted files again, it could not. A grand jury instructed Mr. Boucher to provide the password.
But a federal magistrate judge quashed that subpoena in November, saying that requiring Mr. Boucher to provide it would violate his Fifth Amendment right against self-incrimination. Last week, the government appealed.
The magistrate judge, Jerome J. Niedermeier of Federal District Court in Burlington, Vt., used an analogy from Supreme Court precedent. It is one thing to require a defendant to surrender a key to a safe and another to make him reveal its combination.
The government can make you provide samples of your blood, handwriting and the sound of your voice. It can make you put on a shirt or stand in a lineup. But it cannot make you testify about facts or beliefs that may incriminate you, Judge Niedermeier said.
“The core value of the Fifth Amendment is that you can’t be made to speak in ways that indicate your guilt,” Michael Froomkin, a law professor at the University of Miami, wrote about the Boucher case on his Discourse.net blog.
But Orin S. Kerr, a law professor at the George Washington University, said Judge Niedermeier had probably gotten it wrong. “In a normal case,” Professor Kerr said in an interview, “there would be a privilege.” But given what Mr. Boucher had already done at the border, he said, making him provide the password again would probably not violate the Fifth Amendment.
There are all sorts of lessons in these cases. One is that the border seems to be a privacy-free zone. A second is that encryption programs work. A third is that you should keep your password to yourself. And the most important, as my wife keeps telling me, is that you should leave your laptop at home.
Beginning Jan. 15, Adam Liptak’s column will appear on Tuesdays. Online: Documents and an archive of articles: nytimes.com/adamliptak.
O.T. FBI Prepares Vast Database Of Biometrics
$1 Billion Project to Include Images of Irises and Faces
By Ellen Nakashima
Washington Post Staff Writer
Saturday, December 22, 2007; A01
http://www.washingtonpost.com/wp-dyn/content/article/2007/12/21/AR2007122102544_pf.html
CLARKSBURG, W. Va. -- The FBI is embarking on a $1 billion effort to build the world's largest computer database of peoples' physical characteristics, a project that would give the government unprecedented abilities to identify individuals in the United States and abroad.
Digital images of faces, fingerprints and palm patterns are already flowing into FBI systems in a climate-controlled, secure basement here. Next month, the FBI intends to award a 10-year contract that would significantly expand the amount and kinds of biometric information it receives. And in the coming years, law enforcement authorities around the world will be able to rely on iris patterns, face-shape data, scars and perhaps even the unique ways people walk and talk, to solve crimes and identify criminals and terrorists. The FBI will also retain, upon request by employers, the fingerprints of employees who have undergone criminal background checks so the employers can be notified if employees have brushes with the law.
"Bigger. Faster. Better. That's the bottom line," said Thomas E. Bush III, assistant director of the FBI's Criminal Justice Information Services Division, which operates the database from its headquarters in the Appalachian foothills.
The increasing use of biometrics for identification is raising questions about the ability of Americans to avoid unwanted scrutiny. It is drawing criticism from those who worry that people's bodies will become de facto national identification cards. Critics say that such government initiatives should not proceed without proof that the technology really can pick a criminal out of a crowd.
The use of biometric data is increasing throughout the government. For the past two years, the Defense Department has been storing in a database images of fingerprints, irises and faces of more than 1.5 million Iraqi and Afghan detainees, Iraqi citizens and foreigners who need access to U.S. military bases. The Pentagon also collects DNA samples from some Iraqi detainees, which are stored separately.
The Department of Homeland Security has been using iris scans at some airports to verify the identity of travelers who have passed background checks and who want to move through lines quickly. The department is also looking to apply iris- and face-recognition techniques to other programs. The DHS already has a database of millions of sets of fingerprints, which includes records collected from U.S. and foreign travelers stopped at borders for criminal violations, from U.S. citizens adopting children overseas, and from visa applicants abroad. There could be multiple records of one person's prints.
"It's going to be an essential component of tracking," said Barry Steinhardt, director of the Technology and Liberty Project of the American Civil Liberties Union. "It's enabling the Always On Surveillance Society."
If successful, the system planned by the FBI, called Next Generation Identification, will collect a wide variety of biometric information in one place for identification and forensic purposes.
In an underground facility the size of two football fields, a request reaches an FBI server every second from somewhere in the United States or Canada, comparing a set of digital fingerprints against the FBI's database of 55 million sets of electronic fingerprints. A possible match is made -- or ruled out--as many as 100,000 times a day.
Soon, the server at CJIS headquarters will also compare palm prints and, eventually, iris images and face-shape data such as the shape of an earlobe. If all goes as planned, a police officer making a traffic stop or a border agent at an airport could run a 10-fingerprint check on a suspect and within seconds know if the person is on a database of the most wanted criminals and terrorists. An analyst could take palm prints lifted from a crime scene and run them against the expanded database. Intelligence agents could exchange biometric information worldwide.
More than 55 percent of the search requests now are made for background checks on civilians in sensitive positions in the federal government, and jobs that involve children and the elderly, Bush said. Currently those prints are destroyed or returned when the checks are completed. But the FBI is planning a "rap-back" service, under which employers could ask the FBI to keep employees' fingerprints in the database, subject to state privacy laws, so that if those employees are ever arrested or charged with a crime, the employers would be notified.
Advocates say bringing together information from a wide variety of sources and making it available to multiple agencies increases the chances to catch criminals. The Pentagon has already matched several Iraqi suspects against the FBI's criminal fingerprint database. The FBI intends to make both criminal and civilian data available to authorized users, officials said. There are 900,000 federal, state and local law enforcement officers who can query the fingerprint database today, they said.
The FBI's biometric database, which includes criminal history records, communicates with the Terrorist Screening Center's database of suspects and the National Crime Information Center database, which is the FBI's master criminal database of felons, fugitives and terrorism suspects.
The FBI is building its system according to standards shared by Britain, Canada, Australia and New Zealand.
At the West Virginia University Center for Identification Technology Research (CITeR), 45 minutes north of the FBI's biometric facility in Clarksburg, researchers are working on capturing images of people's irises at distances of up to 15 feet, and of faces from as far away as 200 yards. Soon, those researchers will do biometric research for the FBI.
Covert iris- and face-image capture is several years away, but it is of great interest to government agencies.
Think of a Navy ship approaching a foreign vessel, said Bojan Cukic, CITeR's co-director. "It would help to know before you go on board whether the people on that ship that you can image from a distance, whether they are foreign warfighters, and run them against a database of known or suspected terrorists," he said.
Skeptics say that such projects are proceeding before there is evidence that they reliably match suspects against a huge database.
In the world's first large-scale, scientific study on how well face recognition works in a crowd, the German government this year found that the technology, while promising, was not yet effective enough to allow its use by police. The study was conducted from October 2006 through January at a train station in Mainz, Germany, which draws 23,000 passengers daily. The study found that the technology was able to match travelers' faces against a database of volunteers more than 60 percent of the time during the day, when the lighting was best. But the rate fell to 10 to 20 percent at night.
To achieve those rates, the German police agency said it would tolerate a false positive rate of 0.1 percent, or the erroneous identification of 23 people a day. In real life, those 23 people would be subjected to further screening measures, the report said.
Accuracy improves as techniques are combined, said Kimberly Del Greco, the FBI's biometric services section chief. The Next Generation database is intended to "fuse" fingerprint, face, iris and palm matching capabilities by 2013, she said.
To safeguard privacy, audit trails are kept on everyone who has access to a record in the fingerprint database, Del Greco said. People may request copies of their records, and the FBI audits all agencies that have access to the database every three years, she said.
"We have very stringent laws that control who can go in there and to secure the data," Bush said.
Marc Rotenberg, executive director of the Electronic Privacy Information Center, said the ability to share data across systems is problematic. "You're giving the federal government access to an extraordinary amount of information linked to biometric identifiers that is becoming increasingly inaccurate," he said.
In 2004, the Electronic Privacy Information Center objected to the FBI's exemption of the National Crime Information Center database from the Privacy Act requirement that records be accurate. The group noted that the Bureau of Justice Statistics in 2001 found that information in the system was "not fully reliable" and that files "may be incomplete or inaccurate." FBI officials justified that exemption by claiming that in law enforcement data collection, "it is impossible to determine in advance what information is accurate, relevant, timely and complete."
Privacy advocates worry about the ability of people to correct false information. "Unlike say, a credit card number, biometric data is forever," said Paul Saffo, a Silicon Valley technology forecaster. He said he feared that the FBI, whose computer technology record has been marred by expensive failures, could not guarantee the data's security. "If someone steals and spoofs your iris image, you can't just get a new eyeball," Saffo said.
In the future, said CITeR director Lawrence A. Hornak, devices will be able to "recognize us and adapt to us."
"The long-term goal," Hornak said, is "ubiquitous use" of biometrics. A traveler may walk down an airport corridor and allow his face and iris images to be captured without ever stepping up to a kiosk and looking into a camera, he said.
"That's the key," he said. "You've chosen it. You have chosen to say, 'Yeah, I want this place to recognize me.' "
Staff researcher Richard Drezen contributed to this report.
Nice Find Taxi!
Nice to see Wave awarded for something...Hopefully...we will see financial rewards as a result...
dude_danny
Nice Find Oknpv!
dude_danny
SOUTHCOM-DIA Regional Security Symposium Dec 11-13, 2207
http://www.fbcinc.com/southcom/exhibitors.aspx
***Question: This conference was posted on Wave's website and now it's not there. Anyone know why...? TIA***
http://www.wave.com/news/tradeshows.html
Registered Exhibitors
The following companies and agencies will be exhibiting at SOUTHCOM-DIA Regional Security Symposium. This page is frequently updated so please check back again soon.
B & H Photo Video, Pro-Audio, Inc. (18*)
Base-X Inc.
Force 10 Networks (14)
General Dynamics Information Technology (2)
General Projection Systems, Inc. (13)
Globecomm Systems, Inc. (8)
LTI DataComm (3)
MTN
N.E.T. Federal (4)
NYTOR, Inc. (19)
Proton Data Security, LLC (15)
Rapiscan Systems (1)
Rocstor (16)
Source One Distributors, Inc.
SRA International, Inc. (17)
Wave Systems Corp. (5)
dude_danny
Regional Security Symposium
http://www.fbcinc.com/southcom/
http://www.wave.com/news/tradeshows.html
General Information
The goal of the Regional Security Symposium is to provide a forum for the countries in North, Central and South America and their allies to address the intelligence and security challenges in the region, how these issues fit into global challenges to security and, finally, to share lessons learned for the way ahead.
Invited participants include senior military intelligence officers from Latin America and the Caribbean; Canada; United Kingdom; France; Spain; and the Netherlands. The hosts of the symposium are the Director of the Defense Intelligence Agency, the National Defense Intelligence College and the commander of US Southern Command.
Registered Exhibitors
The following companies and agencies will be exhibiting at SOUTHCOM-DIA Regional Security Symposium. This page is frequently updated so please check back again soon.
B & H Photo Video, Pro-Audio, Inc.
N.E.T. Federal (4*)
NYTOR, Inc.
Rapiscan Systems (1)
Wave Systems Corp.
Attendee Registration
Registration Fee
The SOUTHCOM-DIA Regional Security Symposium is for invited government and military personnel only. The cost for US attendees to attend is $295. There is no fee for international guests.
dude_danny
Nice find Helpfulbacteria!
New Additions to the Industry’s Broadest Product Line
Product Capacity Segment Availability
DB35 CE Up to 1TB DVRs and home media servers CQ1’08
SV35 Up to 1TB Video surveillance CQ1’08
Seagate D.A.V.E. Up to 60GB Mobile platform CTUs now shipping
Cheetah 15K.6 Up to 450GB Mainstream enterprise CQ1’08
Barracuda 7200.11 FDE Up to 1TB Desktop PC Mid ’08
Momentus 5400.4 Up to 250GB Notebook CQ4’07
Maxtor OneTouch 4 80GB – 1TB SMB, SOHO, Home TBA
dude_danny
goepling, Nice Find!
dude_danny
Cyber Security Awareness Tip #14: Data Encryption
10-14-2007, 09:08 PM
http://forums.pcper.com/showthread.php?t=446275
Gartner has recently begun beating the drum that FDE, alone, Ain't Good Enough. This after thoroughly trouncing F/FBE-only, for years, for inadequately protecting data.
It takes both forms of "at-rest" crypto to significantly mitigate risks of data loss/leakage.
Crypto also has to be *relatively painless* for the end-user to live/work with, otherwise there will be devastation from pilot error. Single sign-on, and, for the vast majority, integration with Windows Active Directory, will have to play a role in easing some of the burden on end users.
There is some cool stuff from Seagate (Momentus) and Wave Systems for integrating HW-based, managed FDE with Windows Authentication. It's even cooler when there's TPM 1.2 to mash/mesh with. I'm not the only one who thinks this stuff is good -- it's being fast-tracked for "Federal"-use approval, outside of FIPS.
There's also some interesting use of crypto in VMware's ACE2, which isn't your mammy's or pappy's ACE1, that integrates slickly with Windows AD -- if you're thinking about leveraging managed desktop clients.
dude_danny
Tech giants team up for secure software
Trust IT...
http://software.silicon.com/security/0,39024655,39168921,00.htm
By Gemma Simpson
Published: Wednesday 24 October 2007
A technology industry group has launched with the aim to increase the trust in IT products and services.
The five founding members of the body known as the Software Assurance Forum for Excellence in Code (SAFECode) - EMC, Juniper Networks, Microsoft, SAP and Symantec - will try to identify and promote best practices within the IT industry for developing and delivering more secure and reliable software, hardware and services.
Speaking at the RSA Conference Europe 2007, Paul Kurtz, executive director of SAFECode, said: "Any IT vendor or communications company is welcome to join... We have a good core section now but we need more members."
According to SAFECode, while individual companies have implemented effective methods to develop and deliver more reliable and secure software, hardware and services - there has been no co-ordinated, industry-led effort to build on this work and promote best practices to advance software assurance more broadly.
The group plans to do this by promoting best practices among vendors and customers and encouraging changes to university curriculums. The group will also lobby government to improve software quality and share information equally between all members.
Wavxmaster: Nice DD!
dude_danny
European Demand for Secure Identity Standards Reaches New Levels
http://www.oasis-idtrust.org/node/45
Fri, 10/05/2007 - 16:55 — dschur
OASIS IDtrust to host a complimentary one-day workshop on the current state of identity management initiatives and standards
Barcelona, Spain, 04 October 2007 — The demand from the private and public sectors for secure identity management solutions and trusted computing is becoming the drumbeat of every enterprise. It is estimated that spending on security software across Europe is expected to exceed 3.2 billion Euros in 2007, the largest single expenditure for most corporate IT budgets. There is a strong need for all parties to agree on common standards, bridging the existing islands of identity management systems, and encouraging the development of easily deployable systems with improved security and privacy properties.
The need for open, reliable standards related to identity and trust is the driver for the 'OASIS Identity and Trusted Infrastructure Workshop: Evolutionary Milestones Workshop' which will occur at the Burton Group Catalyst Conference Europe on 22 October 2007 in Barcelona, Spain.
Presentations will focus on the critical need for strong identity management initiatives, protocols, and standards. International experts will explore innovative approaches, successful case studies, and potential opportunities directly relevant to common identity management challenges. The programme is divided into three highly relevant topic areas:
International Mandates and New Identity Management Challenges
Emerging approaches to ID Management and Global Collaboration
ID Management and Trust Case Studies: Successes and Obstacles
The objective will be to share information between the invited representatives from various groups involved with identity management initiatives and the attendees in an effort to avoid duplication of effort and work towards a common model for identity management standards. Attendees will gain valuable insight into which standards are relevant to their project needs, and learn first-hand from those who have successfully deployed standards-based Identity Management solutions in a variety of user scenarios.
Attendees of the IDtrust workshop are entitled to a discount to the Burton Group Catalyst Conference Europe.
For more information:
http://events.oasis-open.org/home/idtrust/2007/
TVTONIC convert
http://www.neowin.net/forum/index.php?showtopic=591419&pid=588894458&st=0entry58889445...
As of last week I was thinking about canceling my Direct TV, because I never watch it, well I watch it a little but nothing to warrant the $55 dollars a month. So I went looking last night for something that would allow me to watch internet content easily. I already have Windows Media Center Edition running on my 42 inch so I wanted something that could easily add onto that.
What I found was something called TVtonic
http://www.tvtonic.com/
It probably has in its selection all video casts released on the internet. You can also subscribe to as many as you want, and it downloads them all in the background, so when you sit down to watch something you have a plethora of stuff to watch. Some of my favorites so far are DL.TV and cranky geeks. Below is a screenshot of the software running in Windows Media Center.
To make it complete I bought a Windows Media Center remote, and if all goes well I'll be canceling my Direct TV by the end of the month.
The number seen in the 2nd image under "My Channels" is the number of shows per program it has already downloaded and I have to watch.
They recommend 500 megs of free space per subscription.
And yes, you can full screen it.
This post has been edited by warwagon: Oct 2 2007, 03:40
Dell upbeat about Vista uptake
Business customers will migrate...
http://software.silicon.com/os/0,39024651,39168836,00.htm
By Tom Espiner
Published: Tuesday 16 October 2007
Dell's chief executive has predicted that most of his company's business customers will migrate to Vista by 2009.
Speaking to journalists at Gartner's ITxpo Symposium in Orlando, Florida, Michael Dell said: "We have a number [of business customers] who have gone to Vista, and almost all are planning to go to Vista: some in 2008, and some in 2009. As they take on new IT deployments with new hardware features, Vista will be much better supported."
However, Dell's assertions run contrary to research published earlier in October by market research company Context, which found Vista sales for business machines were slowing.
Context found Vista Business accounted for 13 per cent of PC sales among European IT distributors in August 2007 - down from 17 per cent the previous month. Meanwhile, XP Professional accounted for 27 per cent of PC sales but it also saw poor growth, with August's figures down by four per cent compared to the previous month.
Vista Business is the direct successor to XP Professional.
silicon.com's Gemma Simpson contributed to this article
Tom Espiner writes for ZDNet UK
Cyber Security Industry Alliance Mobilizing to Support Data Security Legislation
Wed Oct 3, 12:59 PM ET
http://news.yahoo.com/s/usnw/20071003/pl_usnw/cyber_security_industry_alliance_mobilizing_to_support...
ARLINGTON, Va., Oct. 3 /PRNewswire-USNewswire/ -- Members of the Cyber Security Industry Alliance (CSIA) will be mobilizing in key congressional districts across the country during the week of October 8 to call for immediate passage of data security and breach notification legislation.
CSIA's members will meet in the district offices of members of Congress to express the urgent need for legislation to establish national standards for safeguarding sensitive information as well as data breach notification.
The association's national grassroots campaign in support of data security legislation comes at a time when consumers are facing growing threats to their privacy and personal information. Since 2005, more than 165 million records have been compromised due to data security breaches.
"Data breaches continue to occur at every kind of organization -- schools, government agencies, health care providers, small businesses and large retail stores. It is time for Congress to act," said CSIA President Tim Bennett. "The continuing absence of a national data security law leaves consumers vulnerable to identity theft and threatens the security of personal data."
Strengthening the security of data and notifying consumers when breaches occur has bipartisan support in Congress. Several bipartisan bills currently under consideration would provide a realistic and effective legal framework for organizations of all sizes. Some 40 states have varying requirements covering data security and breach notification but the vast majority of these laws only address the problem after personal data has been compromised.
"Legislation should require public and private entities to implement strong security measures to prevent breaches before they happen," added Bennett. "We are confident that congressional leaders will act in a bipartisan manner to protect consumers and business by enacting meaningful data security and breach notification legislation in the 110th Congress."
More information on the data security policy issue can be found here: https://www.csialliance.org/policy_priorities/issuebriefs/data_security_issue_brief (Please copy and paste into your browser)
About the Cyber Security Industry Alliance
The Cyber Security Industry Alliance is the only international public policy advocacy group dedicated exclusively to ensuring the privacy, reliability and integrity of information systems. Led by CEOs from the world's top security providers, CSIA believes a comprehensive approach to information system security is vital to the stability of the global economy. Its offices are located in Washington, DC, and Brussels, Belgium. For more information, visit www.csialliance.org.
Members of the CSIA include Application Security, Inc.; CA, Inc. (NYSE: CA - CRDS.PK); Entrust, Inc. (Nasdaq: ENTU - NYSE: IBM - Nasdaq: IPAS - NYSE: EMC - Nasdaq: SCUR - Nasdaq: SYMC - news); TechGuard Security, LLC; and Vontu, Inc.
Computers, photos for new 'Indiana Jones' stolen
http://www.latimes.com/la-me-indianajones3oct03,0,1983208.story?coll=la-home-center
By Richard Winton and Andrew Blankstein, Los Angeles Times Staff Writers
October 3, 2007
Computers and photographs for director Steven Spielberg's upcoming fourth "Indiana Jones" film were stolen, and DreamWorks Pictures SKG has asked local law enforcement to investigate, a studio spokeswoman said.
"An investigation is being conducted by law enforcement," said Kristin Stark, a spokeswoman for DreamWorks.
Stark declined to say where and when the theft took place. Officials from the Los Angeles Police Department, the FBI and the Sheriff's Department could not immediately confirm that they were investigating.
Marvin Levy, Spielberg's spokesman, said the director was concerned that the thieves might be trying to sell the materials.
"We want to warn the media that anything that is offered is stolen property," Levy said. "We know it is out there."
He said that he didn't know specifics about the crime but that he believed it had occurred fairly recently.
Stark said the stolen items contained "confidential and proprietary materials" related to the movie, which is considered a potential blockbuster for next summer. There is much anticipation about the film, which will hit the big screen 19 years after the last installment in the series. The movie stars Harrison Ford, Shia LaBeouf and Cate Blanchett.
richard.winton@latimes.com