Dell podcast/bitlocker/windows server 2008
2007 Overview of New Security Features in Windows Server 2008
Sept 19, 2007
http://www.dell.com/content/topics/global.aspx/rss/en/podcasts?c=us&l=en&s=corp
dude_danny
Dell Europe IT Tour Fall 2007: GET ON THE RIGHT HORSE
***Wave listed as Partner
http://tst.dell-events.com/2007/autumn/index.php
So far these have more info:
http://tst.dell-events.com/2007/autumn/ireland/
(Wave listed as Demonstrating Partner) http://tst.dell-events.com/2007/autumn/ireland/partner/
http://tst.dell-events.com/2007/autumn/germany/duesseldorf/ (Wave listed as Partner)
http://tst.dell-events.com/2007/autumn/denmark/ (Wave listed as Demonstrating Partner)
dude_danny
UK data laws need 'Californication'
Full Disclosure: Give us teeth, says security company chief
By Gemma Simpson
http://www.silicon.com/research/specialreports/fulldisclosure/0,3800014102,39168527,00.htm
Published: Monday 24 September 2007
Any UK data breach legislation should use the California law as a blueprint, according to an information security company chief.
Joe Fantuzzi, CEO of content and document protection company Workshare, told silicon.com it would be good to have more stringent protection in the UK and other countries in Europe because stronger regulations change behaviour.
Fantuzzi said: "That's why the California law has teeth - it's because of the requirement to notify and not because of the huge fines."
The law - known as SB 1386 - obliges Californian state agencies or businesses to disclose data security breaches to residents if their unencrypted personal information may have been compromised.
The data breach legislation in The Golden State has since been followed by similar moves from other US states and has forced businesses to take data security seriously - and given consumers the tools to protect themselves against fraud. silicon.com is campaigning for a similar law in the UK.
Fantuzzi added: "Japan probably has some of the most severe notification laws and penalties around privacy laws."
The quarterly Workshare Global Security Threat Report said companies tend to fall into two camps when it comes to data protection - those which have a "worryingly archaic approach" and those taking action by writing security policies to protect their data.
The report added: "Essentially, policies are not worth the paper they're printed on unless properly enforced. Organisations need to look at ways to better enforce policy if they want to avoid hefty fines and serious damage to their business reputation."
Businesses failing to safeguard sensitive data
Second-hand hard drives not being properly cleansed, says study...
http://software.silicon.com/security/0,39024655,39168550,00.htm
By Tom Espiner
Published: Tuesday 25 September 2007
Organisations charged with safeguarding sensitive data are not doing enough to ensure that information is cleansed from hard disks before disposal, according to BT.
A study of second-hand disks by BT and universities in Australia, the UK and the US found "a surprisingly large range and quantity of information that could be potentially commercially damaging or a threat to the identity and privacy of the individuals involved".
Researchers from one of the universities involved in the study, the University of Glamorgan, found that, in the UK, 41 per cent of the hard disks studied retained commercially sensitive information.
BT's global head of security research and development, Bryan Littlefair, said: "Some businesses are clearly not doing enough to cleanse hard disks. Some organisations are not putting correct data-disposal measures in place. It's not just a matter of deleting information or reformatting the hard disk."
The researchers used "easily available" open source forensics tools, such as Autopsy and Helix, which they described as not requiring "significant levels of skill or knowledge to effect the recovery of remnant data from storage media".
Sensitive NHS patient data was recovered from one of the disks. The study said: "Data from a disk that appears to originate from the National Health Service in the UK relates to hospital/medical data that can be attributed to a specific group of hospitals. The information retrieved included patient medical data, including histology reports and other information for a number of individuals, and a telephone contact list for the group of hospitals. There was also data present that indicated the interests of the users of the system in terms of their web-surfing habits."
Nine disks were recovered that had belonged to a furniture warehousing company based in the East Midlands. The information recovered included the company logo, letters to customers, the names of staff, internal telephone numbers, a number of (expired) credit-card numbers, a letter threatening court action and pornographic material.
Littlefair said companies and organisations must take responsibility for the disposal of hard-disk drives and, if using an external disk-disposal company, must make sure that company is reputable.
He said: "The buck stops at the enterprise. Certainly, if disk disposal is farmed out and is not done correctly, it's the fault of the data-cleansing company but organisations are ultimately responsible. Costs, accounts information, and profits are all of major interest to competitors. If global address lists and contract bidding information [is released], these can cause a big impact and could be share price-affecting in some instances."
There is also increasing national and international legislative pressure to address data-protection issues. In the UK, the Data Protection Act means that organisations should be responsible for data throughout its lifecycle, including its disposal.
The report called for organisations to introduce risk assessments to determine the sensitivity of the information on their disks, procedures to ensure their systems and disks are disposed of in an appropriate manner and, where appropriate, physical destruction of their disks. BT also called for full hard-disk encryption.
The study called for a public awareness campaign by commerce, academia and the government.
A total of 133 disks from the UK were studied. Two of the disks contained data that was deemed serious enough to be passed on to the law-enforcement authorities for study. All of the disks had been forensically imaged, with the image held in secure storage, to establish a chain of custody should the need arise.
As well as the University of Glamorgan, the other universities involved in the study were Australia's Edith Cowan University and Longwood University in the US.
Tom Espiner writes for ZDNet UK
Thanks Awk and Genz2.
Different panelists in Seattle and Dallas.
Start Encrypting Now, The Lawyers Are Coming!
01:15 PM - 02:00 PM
As if breach notification regulations weren’t incentive enough to encrypt sensitive data, the civil courts are turning up the heat. Every lost laptop in the news raises public awareness of how vulnerable sensitive information can be. It also raises the bar for “reasonable” actions required to protect that data. The scent of money is in the water and the sharks are circling. It is only a matter of time before the courts determine the failure to encrypt is unreasonable and let one of the sharks take a bite at a business. This panel will discuss strategies, methods and tools for protecting data and protecting the bottom line.
Panelists:
Gretchen Hellman, Sr. Director of Marketing, Vormetric
Charles Baumert, Senior Product Manager, Ingrian
Ed Gaudet, Sr Vice President Marketing & Corporate Development, Liquid Machines
Mike Alexenko, Executive Director, Strategic Marketing, Seagate Technology
Lark Allen, Executive Vice President, Wave Systems Corp.
http://www.secureworldexpo.com/events/index.php?id=230
http://www.secureworldexpo.com/events/index.php?id=236
Seagate/Wave at Secureworld 2007
Seagate: Platinum Sponsor
Wave Systems will be featured in Seagate's booth
http://www.wave.com/news/events/070919secureworldexpo/index.html
http://www.secureworldexpo.com/events/index.php?id=244 (Detroit)
http://www.secureworldexpo.com/events/index.php?id=236 (Seattle)
http://www.secureworldexpo.com/events/index.php?id=230 (Dallas)
Sorry if posted,
dude_danny
O.T. Biometric identity system called 'success' in Iraq
http://www.worldtribune.com/worldtribune/WTARC/2007/me_iraq_09_21.asp
Friday, September 21, 2007
BAGHDAD — Iraq has turned to a biometrics identification system to prevent the infiltration of insurgents in the Baghdad government.
Officials said Baghdad has established a database that has been expanding weekly.
Biometrics uses physical or behavioral characteristics to identify people. More than 350,000 sets of fingerprints, photos and retina scans have been deposited in the Iraqi system's database.
Officials said Baghdad, with U.S. assistance, has been operating an automated system to screen civilian workers, police and soldiers, as well as to identify criminals in the military and government.
"It has been a tremendous success," said U.S. Army Lt. Col. John Velliquette, who runs the fingerprint and retina scanning center in Baghdad's International Zone.
"We increase the database by 4,000 to 5,000 each week," Velliquette said.
Officials said the U.S. military has been training Iraqis to operate the biometrics system. They said seven U.S. contractors were mentoring 24 Iraqi government employees to operate the system.
By the summer of 2008, Iraq would solely operate the system, linked to Defense Department's Biometric Fusion Center, in Clarksburg, W. Va. Officials said the system has helped secure Baghdad's International Zone, which contains U.S. and Iraqi military and diplomatic headquarters.
Officials said the identification system has been used to identify criminals. They said the system helps ensure that only authorized individuals carry firearms.
The Iraqi government has issued identification cards to Iraqi police vetted through the biometric program. Officials said Iraqi police officers without a proper biometrics identification card were relieved of their weapons.
"The Iraqi people need to have confidence in their police," Velliquette said.
Discarded Hard Disk Hold Sensitive Data
September 19, 2007
http://news.glam.ac.uk/news/en/2007/sep/19/discarded-hard-disk-hold-sensitive-data/
New research from BT and the University of Glamorgan, Edith Cowan University in Australia and Longwood University in the USA has revealed that a significant number of hard disks which are bought second-hand contain sensitive company and personal information.
Amongst the information found on the analysed disks were salary details, financial company data, bank and credit account details, hospital/medical data, pornography, visa applications and online purchasing details.
The research found that just over 37 per cent of the hard disks still contained personal data. This shows that there has been no significant improvement from the results that were obtained from the research conducted in 2006 and 2005, which showed that the number of disks still containing information was 34 per cent and 52 per cent respectively.
Nevertheless, it reveals that an alarming level of sensitive information is still being released and organisations are still not modifying their procedures to ensure that information is effectively removed before computer disks are disposed of.
Dr Andy Jones, head of security technology research at BT, who led the research, said: “Given the level of exposure that the subjects of security and identity theft have received in recent times and the availability of suitable tools to ensure the safe disposal of information, it is difficult to understand why disks are still not being effectively cleaned before they are disposed of. When organisations dispose of surplus and obsolete computers and hard disks, they must ensure that adequate procedures are in place to destroy any data and also to check that the procedures that are in place are effective – whether they are handled by internal resources or through a third party contractor.”
Dr Andrew Blyth, who leads the research team at the University, added: “It is essential that companies and individuals take the issue of the disposal of information seriously. A number of disks contained a substantial mixture of corporate and personal data suggesting that many users are working on corporate data at home, which raises some serious concerns. There are likely to be millions of hard drives on public sale, right now, that still contain highly confidential material.”
For a significant proportion of the disks that were examined, the information had not been effectively removed and as a result, both organisations and individuals were exposed to a range of potential crimes. These organisations had also failed to meet their statutory, regulatory and legal obligations.
Three hundred disks were obtained from the UK, Australia, North America and Germany, purchased at computer auctions, computer fairs or online in the respective geographic areas.
Helpfulbacteria or anyone: Do you think Credant is competition to Wave and/or complementary to Wave?
TIA,
dude_danny
CREDANT Technologies and Intel Partner to Provide Enterprise-Grade Management and Compliance Reporting for Intel’s New Danbury Technology Hardware-based Encryption
Wednesday, 19 September 2007
Combined Solution Protects Data Against Insider and External Threats With a Single Point of Management for Policy Administration, Encryption Enforcement, Key Escrow, Data Recovery and Compliance Reporting
Intel Developer’s Forum, SAN FRANCISCO, CA – September 19, 2007 – CREDANT Technologies, the market leader in mobile data protection solutions, today announced that it has partnered with Intel to provide a single point of management that includes policy administration, key escrow, encryption enforcement, data recovery and compliance reporting for Intel’s newly announced Danbury Technology hardware-based encryption. The combined Intel and CREDANT solution is leading the way in helping organizations more easily comply with data breach regulations by managing and enforcing the use of encryption to protect personally identifiable information when a computer or disk is lost or stolen.
In a joint appearance at the Intel Developer’s Forum in San Francisco yesterday, Intel’s Patrick Gelsinger, Senior Vice President, General Manager, Digital Enterprise Group, and CREDANT Technologies’ founder and CEO Bob Heard took the stage to make the announcement. CREDANT, an Independent Software Vendor (ISV), will deliver this functionality as a standard feature in its product, CREDANT Mobile Guardian, when Danbury starts shipping in Q3 2008.
“CREDANT’s technology will enhance the Danbury Technology by giving enterprises a powerful encryption and management solution to protect against data breaches,” said Greg Bryant, vice president and general manager of Intel’s Digital Office Platform Division. “The combination of our hardware-based encryption and CREDANT’s centralized management is an important step forward for many organizations that must comply with encryption regulations.”
The Privacy Rights Clearinghouse has identified that over 165 million data records of U.S. residents have been exposed due to security breaches since January 2005. As a result, numerous state, local and Federal regulations now require the use of data encryption to protect personally identifiable information. With this release Intel delivers readily available disk encryption that is built into the computer hardware, where it belongs, to maximize performance and security for all data that is stored on the disk. CREDANT will provide the management and control infrastructure that will allow IT & security professionals to enforce the use of encryption, more easily recover encrypted data, and provide compliance reporting if a computer or disk is lost or stolen.
“Intel’s security strategy with Danbury Technology is perfectly matched to CREDANT’s solution and strategic direction. Now, our customers will be able to easily and quickly leverage the encryption capabilities of Intel’s Danbury architecture because the management will be seamlessly integrated right into our platform,” said Bob Heard, founder and CEO of CREDANT Technologies. “The combination of Intel’s hardware-based encryption and our intelligent software encryption creates a compelling solution to protect data against both insider and external threats across all platforms, even removable media. This level of protection coupled with a single point of management for policy administration, encryption enforcement, key escrow, data recovery and compliance reporting is a win-win solution for everyone.”
“As encryption technologies become pervasive, enterprises require a security solution that allows them to control numerous encryption technologies within one centralized management infrastructure,” said IDC analyst Charles Kolodgy. “Enterprises need a data protection strategy that is secure, reliable, and manageable. This announcement by CREDANT and Intel places them in the forefront of delivering such solutions.”
About CREDANT Technologies
CREDANT Technologies is the market leader in mobile data protection solutions. CREDANT’s secure mobility solutions preserve customer brand and reduce the cost of compliance, enabling business processes to quickly and safely “go mobile.” CREDANT Mobile Guardian is the only centrally managed mobile data protection solution that provides strong authentication, intelligent encryption, usage controls, and key management that guarantee data recovery. By aligning security to the type of user, device and location, CREDANT ensures the audit and enforcement of security policies across all mobile endpoints. Strategic partners and customers include leaders in finance, government, healthcare, manufacturing, retail, technology, and services. In 2007 CREDANT was ranked the No. 1 Fastest-Growing Security Company in the Inc. 500 list of Fastest Growing Private Companies. CREDANT was selected by Red Herring as one of the top 100 privately held companies and top 100 Innovators for 2004, and was named Ernst & Young Entrepreneur Of The Year for 2005. Austin Ventures, Menlo Ventures, Crescendo Ventures, Intel Capital, and Cisco Systems are investors in CREDANT Technologies. For more information, visit www.credant.com.
About Intel
Intel, the world leader in silicon innovation, develops technologies, products and initiatives to continually advance how people work and live. Additional information about Intel is available at www.intel.com/pressroom and blogs.intel.com.
Thanks helpful, but can you explain this?
http://www.credant.com/content/view/241/130/
Thanks,
dude_danny
IDF/Wave.
Just listened to Patrick Gelsinger, Digital Enterprise Keynote podcast. Key slides 22-30. Wave Systems on slide 30 along with 5 other Danbury solution providers. Credant CEO was one of several guests on the keynote. Mr. Gelsinger seems REALLY excited about Danbury and McCreary (2nd half of 2008). I think Credant is a Wave partner. Please correct if mistaken.
http://www.intel.com/pressroom/kits/events/idffall_2007/webcasts.htm#
Beware IT risks - or watch your rivals get ahead
Mind the security gap, warns Gartner...
http://software.silicon.com/security/0,39024655,39168475,00.htm
By Tom Espiner
Published: Tuesday 18 September 2007
Business must recognise that failing to handle IT risks puts them at a competitive disadvantage, according to analyst house Gartner.
While IT has become increasingly central to business success, many businesses have not adjusted their processes for IT decision making and risk management, Gartner says.
Analyst Richard Hunter said failure to properly take account of - and plan for - IT risks can affect business agility. "Managements that do understand IT risks are pulling ahead, while those that don't are falling behind and getting eaten," said Hunter. "Uncontrolled IT risk dampens an organisation's ability to compete."
He said businesses that tailor business processes to take account of IT risks find they are better able to integrate systems, for example, after an acquisition, and are more capable of divesting themselves of companies they wish to sell.
Hunter, who was speaking at Gartner's IT Security Summit in London, said: "IT risk has changed. IT risk incidents harm constituencies within and outside companies. [Incidents] damage corporate reputations and expose weaknesses in companies' management teams."
IT managers must convey the consequences of IT risks to the business, said Hunter. "It's not simply a case of saying 'there's a risk that the server might go down'. You have to look beyond to say what that server supports in the business - that, if it goes down, you'll lose $50m in the first week, and be out of business in three weeks."
According to the analyst, a company must ask itself whether its IT systems and business processes will continue running in the event of technology failure, and whether the systems will recover from interruptions. Companies should also ask whether the right people have access to the data they need to do their jobs, and whether the wrong people are blocked from accessing that data.
Hunter asked: "Can the company's IT systems be relied on to provide correct, timely, and complete information that meets the requirements of management, staff, customers, suppliers and regulators? And do the organisation's IT systems possess the capability to change if the company acquires another firm, completes a major business process redesign, or launches a new product or service?"
The analyst said a company needs a solid foundation of IT assets, people, and supporting processes and controls that enable executives to manage the right risks in the right order; a risk governance structure and process that integrates IT risk management into every business decision to identify, prioritise and track risks; and a risk-aware culture, nurtured from the top, that attunes people to the causes and solutions for IT risks and that increases vigilance across the organisation.
IT security breach pitfalls named
Is the iPhone the weakest link?
http://software.silicon.com/malware/0,3800003100,39168465,00.htm
By Gemma Simpson
Published: Tuesday 18 September 2007
Facebook, the iPhone and operating systems were all named and shamed as the weak links in the IT security chain by a group of security experts.
But end users were let off the hook by the CEO of a security company who said immature security tech is a bigger danger than human error.
We have an endless arms race as the hackers get better and better.
-- Joanna Rutkowska, CEO and founder, Invisible Things Lab
Speaking at the Gartner IT Security Summit 2007, Joanna Rutkowska, CEO and founder of security company Invisible Things Lab, said: "The common belief is that once the users are educated [about the hazards of leaving their personal details online] then no other [security] problems will occur but this is not the case."
Rutkowska added: "Today's prevention technology does not always work even if the user is not stupid... We have an endless arms race as the hackers get better and better."
According to Rutkowska, the answer is in building detection and protection software into commercial operating systems to find stealth malware, which is prone to escaping detection. But she said it could be 50 years before commercial operating systems have source code that is 100 per cent safe.
She said: "Detection is still very immature [but] we need a systematic way for checking system compromises. We need to change the operating systems [and] we need the very close help from the operating system vendors to improve detection code."
And it's not only the operating systems that need to be buffed up to beat the hackers.
Also speaking at the summit, John Pescatore, VP and distinguished analyst at Gartner, said consumer applications devices - such as Facebook and the iPhone - will "sneak into" the business world, even though many companies' first reaction will be to ban these sites and devices. Because they can't be managed centrally, the security issues cannot be ignored and must be dealt with now, he said.
Pescatore added: "We knew as soon as we saw the iPhone that [company] managers would want one and read [corporate] emails on this device."
With data breaches hitting the headlines more regularly, Bob Gleichauf, VP and CTO for the Cisco Security Technology Group, also speaking at the Gartner event said security threats are moving to the application area and data loss is now the "number one topic" for security groups.
Gleichauf added peer-to-peer networks are also being used to find corporate data and companies must "build for the fact that our networks are all open networks".
US Air Force sets up Cyber Command
Sep 18 04:11 PM US/Eastern
http://www.breitbart.com/article.php?id=070918201110.nyigxaco&show_article=1
The US Air Force established a provisional Cyber Command Tuesday as part of an expanding mission to prepare for wars in cyberspace, officials said.
The move comes amid concerns over the vulnerability of the US communications and computer networks to cyber attack in a conflict, as well as the military's desire to exploit the new medium.
Air Force Secretary Michael Wynne announced the creation of the new command at Barksdale Air Force Base in Louisiana, where the air force's existing cyber warfare operations are centered.
Officials said the provisional command will pave the way within a year for the creation of the air force's first major command devoted to cyberwarfare operations.
The full Air Force Cyber Command "will train and equip forces to conduct sustained global operations in and through cyberspace, fully integrated with air and space operations," said Major General Charles Ickes.
The US 8th Air Force, headquartered at Barksdale, will continue to conduct day-to-day cyber operations until the Cyber Command is fully operational, officials said.
Copyright AFP 2007, AFP stories and photos shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium
O.T. Dell: Plenty of room to grow in retail and consumer space
That's one way of looking at it
http://hardware.silicon.com/desktops/0,39024645,39168406,00.htm
By Erica Ogg
Published: Tuesday 11 September 2007
Dell CEO Michael Dell, at a San Francisco event to trumpet new storage products for small and medium-size business customers, has spoken out about his company's main business, PC sales, which is also an area in which it's recently struggled.
Dell reiterated his company's assertion that there will be more to come of its recent dabblings in selling desktops and notebooks through retail channels.
"We're going to expand to a number of places," he said. "I would expect over the next quarters you'll see several additional key retailers" that will sell Dell products. Retailers like that the company can deliver small lots of PCs to thousands of locations, he said. Though right now the few models sold retail in the US are pre-configured, he said it was "a possibility" that their retail customers might be able to build their PCs to order as well.
So far Dell has announced retail relationships with Wal-Mart and Sam's Club in the US, Carphone Warehouse in Europe and Bic Camera in Japan. The Wal-Mart experiment has "gone well", according to VP marketing Mark Jarvis, one of the other executives in town for the event. "A number of stores sold out rapidly," he said. They added that though the initial volumes shipped to Wal-Mart were not large, "a full rollout" is coming.
Dell also addressed the struggle to keep up with strong demand for two new notebook models, the XPS M1330, and revamped Inspirons. When asked what customers can look forward to from Dell for the holidays, he remarked, "I think we've excited them a little too much and demand has exceeded supply." He said they would be catching up on the glut of backlogged shipments in "the next few weeks".
On the competition front, Dell said he is "confident we will be able to grow despite consolidation" in the consumer business, referring to Acer's recent acquisition of Gateway. He added that in almost every country except the US his company's presence in the consumer market is only one-tenth of its commercial presence, a difference which will provide Dell with opportunities to grow.
Erica Ogg writes for CNET News.com.
Romney's campaign offices burglarized
By GLEN JOHNSON, Associated Press Writer
31 minutes ago
http://news.yahoo.com/s/ap/20070910/ap_on_el_pr/romney_burglary
BOSTON - The campaign headquarters for Republican presidential contender Mitt Romney was burglarized over the weekend and a television and computers stolen.
A campaign spokesman for the former Massachusetts governor described the crime as "a routine burglary" and did not believe it was politically motivated.
"Several laptops and a TV were stolen," said campaign spokesman Eric Fehrnstrom. "All the computers are password-enabled and the hard drives are encrypted. The only thing they're good for is parts."
The Boston Police Department was called to the scene, an office building overlooking Boston Harbor in the city's North End, but a report was not immediately available, said Officer Eddy Chrispin.
The incident is the second of its kind recently involving a presidential contender. Last month a man was arrested and charged with breaking into a Hartford, Conn., office belonging to Sen. Chris Dodd, who is seeking the Democratic presidential nomination.
The accused lived in a city shelter and had a lengthy arrest record, and a city police official said that crime likely was prompted to support a drug habit.
A burglary at the Democratic National Committee headquarters at the Watergate building in Washington on June 17, 1972, triggered a coverup that ultimately led to the resignation of President Richard M. Nixon.
ISSE/Secure 2007 Poland
http://www.isse.eu.com/ISSE-07_Programm.pdf
*May have been posted...
Technical Aspects of Data Protection
Chair: Katalin Egri, Data Protection Expert, Office of the Data Protection Commissioner, Hungary
Modern Approach to IT security
Chair: Piotr Kijewski, NASK/CERT Polska
Data encryption on file servers
Janusz Gebusia, Technology Consultant, HP, Netherlands
How to integrate upcoming encryption solutions (such as Microsoft Bitlocker or Seagate FDE) into a comprehensive security approach utilizing one central key management
Ansgar Heinen, Head of Product Marketing, Utimaco Safeware AG, Germany
Distributed trusted computing: a breakthrough in enterprise security
Alexander W. Koehler, CEO, ICT Economic Impact Ltd, Germany
Infrastructure for trusted computing in search of a solution
Claire Vishik, EMEA Trust/Security Standards and Regulations Manager, Intel Corporation, UK
Vista: Can Service Pack 1 spur adoption?
Microsoft certainly hopes so...
http://software.silicon.com/os/0,39024651,39168337,00.htm
By Ina Fried
Published: Tuesday 4 September 2007
The first Vista service pack may serve dual purposes for Microsoft: fixing the operating system's rough edges while simultaneously indicating that it's ready for mass adoption.
Microsoft initially downplayed the importance of service packs in an era where patches are easily available online. Also, the company urged businesses not to wait for a service pack to start testing and rolling out Vista.
Nonetheless, in announcing its plans to release Service Pack 1 early next year, Microsoft is noting that the milestone remains an important signal for some businesses that the OS has reached a level of maturity.
Many analysts have consistently advised companies to hold off on Vista deployments until the first service pack's arrival.
Shanen Boettcher, a general manager in the Windows unit, said: "There's always a portion of the market that has that MO [modus operandi]."
By talking about SP1, Microsoft hopes to sway some businesses that have yet to move forward in any fashion to start at least testing the OS.
Boettcher said: "I would expect that we will see a little bit of an increase."
Microsoft has said it expects businesses to move to Vista at twice the rate that they did with XP over its first 12 months. However, Al Gillen, an analyst at IDC, said businesses seem to be moving at generally the same pace as with previous releases. "From what we can see, the adoption curve is running much like past releases," he said.
In part, that's because so much goes into upgrading the OS, Gillen said. Companies have to test it against their custom and packaged software, do security reviews, make sure they have enough machines capable of running the new operating system, and then budget for the hardware, software training and support costs.
Gillen added: "Customers drag their feet."
While most businesses have yet to start deploying Vista in significant numbers, Microsoft is touting a few large companies that have started putting the operating system onto a sizable number of desktops. Infosys, for example, has 4,000 PCs running Vista now, with plans for 20,000 by the year's end. Citigroup, Charter Communications and Continental Airlines all have more than 2,000 machines on Vista and plan to have 10,000 machines running the operating system by the year's end.
But, said Gillen, these early adopters "are really the exception and not the norm".
Boettcher said the adoption rate so far among businesses "is about how we expected it to be".
As for the company's goal of doubling adoption, he said: "It's still early to declare victory... All the signs are we are doing well versus our goal."
Gillen said the timing of the service pack probably hasn't made a huge impact on when businesses move to Vista. "If they had brought SP1 out in the first three to six months after the release, I don't think that would have dramatically changed the adoption," he said.
What's unclear is whether Service Pack 1 will help to dispel the notion that the operating system still has too many glitches and hitches to justify the effort of migration. Even some who were initially bullish on the OS have lately criticised its trouble spots.
Microsoft says it now has better driver support and compatibility with existing software than it did at Vista's launch, which could help businesses justify making the move.
The company openly admits that the stars didn't align for a big-bang Vista launch - reminiscent of Windows 95's debut - that it clearly hoped for. Corporate vice president Mike Sievert said in an interview at Microsoft's recent partner conference in Denver: "Frankly, the world wasn't 100 per cent ready for Windows Vista. That has changed in a very material way in the past six months."
Gillen said it is good to see Microsoft also commit to a timetable for Windows XP Service Pack 3, which is due out in the first half of next year. "It's a nice indication that they are not trying to subtly coerce customers to move forward onto Windows Vista."
Ina Fried writes for CNET News.com
Juniper Networks Announces the Release of a Comprehensive Network Security Reference Guide "Security Power Tools"
In-depth Resource for all Levels of Security Researchers
http://www.juniper.net/company/investor/announcement.html
http://www.oreilly.com/catalog/9780596009632/
http://www.oreilly.com/catalog/9780596009632/toc.html
SUNNYVALE, Calif. - Aug. 29, 2007 – Juniper Networks, Inc. (NASDAQ: JNPR), the leader in high-performance networking, today announced the release and availability of "Security Power Tools." Co-authored by members of the Juniper Networks Security Engineering team and guest experts, this intuitive guide reveals how to use, tweak, and push the most popular network security applications, utilities and tools available for Windows, Linux and Mac OS X operating system environments. Designed as a reference guide, "Security Power Tools" offers readers insight into multiple network security approaches via 23 cross-referenced chapters that review the best security tools in the industry for both attack and defense.
"Security Power Tools" covers an impressive array of issues, including exploits, rootkits, network attack monitoring, reverse engineering binaries, vulnerability scanning and wireless penetration. Attacks, as well as defenses, are dissected and each is complemented with tips, tricks and "how-to" advice. Depending on the particular tool being discussed, expertise levels range from command-line operation to advanced programming of self-hiding exploits.
"The 'Security Power Tools' book presents more than the simple two-page summary of what any given tool does, it provides readers with a deeper understanding of how these tools are used," said Avishai Avivi, director of the Juniper Networks Security Engineering and Research group. "When we were approached to co-author this book, I knew that our team's in-depth knowledge and expertise of these tools through years of working with them would be a perfect fit. This is a must-read guide for anyone in the network security field."
Published by O'Reilly Media, "Security Power Tools" is available world-wide wherever technical books are sold. For more information, to read a sample chapter, or on other books written by Juniper Networks engineers and authors, visit www.juniper.net/books. For more information from O'Reilly Media, visit www.oreilly.com/catalog/9780596009632.
About the Authors
Nicolas Beauchesne, Bryan Burns, Christopher Iezzoni, Paul Guersch, Dave Killion, Michael Lynn, Steve Manzuik, Eric Markham, Eric Moret, and Julien Sobrier are all part of Juniper's Security Engineering Team led by Avishai Avivi. Philippe Biondi is a research engineer at EADS Innovation Works and the creator of many security tools and programs, such as Scapy and ShellForge. Jennifer Stisa Granick has been the Executive Director of the Center for Internet and Society at Stanford Law School, where she taught Cyberlaw, and recently became the Civil Liberties Director with the Electronic Frontier Foundation.
About Juniper Networks, Inc.
Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net.
Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
NIST/SBA/FBI free seminar 8/24/07
http://www.conyers-rockdale.com/downloads/Online_Forms/ga_SecuritySeminar.pdf
dude_danny
O.T. Monster kept quiet on data breach for days
Hack attack harvested info from 1.3 million CVs...
http://software.silicon.com/security/0,39024655,39168257,00.htm
Published: Friday 24 August 2007
Monster.com waited five days to tell its users about a security breach that resulted in the theft of confidential information from some 1.3 million job seekers, a company executive has said.
Hackers broke into the US online recruitment site's password-protected CV library using credentials that Monster Worldwide said were stolen from its clients, in one of the biggest internet security breaches in recent memory.
They launched the attack using two servers at a web-hosting company in Ukraine and a group of personal computers that the hackers controlled after infecting them with a malicious software program known as Infostealer.Monstres, said Patrick Manzo, vice president of compliance and fraud prevention for Monster.
The company first learned of the problem on 17 August, when investigators with internet security company Symantec told Monster it was under attack, Manzo said.
He said: "In terms of figuring out what the issue was, that was a relatively quick process. The other issue is you want to make sure exactly what you are dealing with."
His security team spent the weekend investigating, located the rogue servers, and got the web-hosting company to shut them down some time either late in the evening on 20 August, or early in the morning of 21 August, he said.
Manzo also said that based on Monster's review, the information stolen was limited to names, addresses, phone numbers and email addresses, and no other details including bank account numbers were uploaded.
On 21 August, Symantec published a report on its website that said it had found copies of scam emails that the engineers of the attack were using, with the aim of getting information that was more valuable than just names, addresses and phone numbers of Monster.com users.
Pretending to be sent through Monster.com from job recruiters, the emails asked recipients to provide personal financial data including bank account numbers. They also asked users to click on links that could infect their PCs with malicious software.
Their ultimate goal in taking the data from Monster.com was to gain enough personal information to lower the guards of target victims when they read the emails, said Patrick Martin, a senior product manager with Symantec's response team in Austin, Texas, which first identified the attack.
He said: "It gives these spam emails just a little bit of credibility. These guys were trying to get financial information from people."
It wasn't until a day after Symantec issued that report on its website that Monster began to tell users about the data theft. In a notice posted on Monster.com on Wednesday, the job-search site warned that users might be the target of email scams.
The following day, Monster then announced that the details of some 1.3 million job seekers had been stolen. Fewer than 5,000 of those 1.3 million users affected are based outside the US, it said in a statement.
Hacking a Mac 'just works', says researcher
Insecurity, insecurity, insecurity...
http://software.silicon.com/security/0,39024655,39168138,00.htm
By Robert Vamosi
Published: Tuesday 14 August 2007
Macs are as easy to hack as they are to use, according to security researcher Charles Miller.
Miller and his colleagues at Independent Security Evaluators discovered the first known vulnerability within the Apple iPhone.
During his presentation, 'Hacking Leopard: Tools and techniques for attacking the newest Mac OS X', at the recent Black Hat Briefings, Miller said that for some reason the Mac OS has more than 50-plus 'Suid' root programs.
Suid stands for "set user ID" and is used to temporarily elevate privileges to perform a specific task such as running executables.
Given the root access provided by these tools, they provide at least one vector for attack.
Another vector is Safari, which when opened also opens several applications including: Address Book, BOMArchiveHelper, Dictionary, DiskImageMounter, Finder, Help Viewer, iCal, iChat, iPhoto, iTunes, Keynote, Mail, Preview, QuickTime Player, Script Editor, Sherlock and Terminal.
A flaw in any one of these could be easily exploited over the web. That's because Apple's operating system doesn't randomise the location of the stack, the heap, the binary image or the dynamic libraries, meaning an attacker would know where in memory these applications are loaded on almost every machine running Mac OS X.
Open source is yet another vector for new attacks on Apple Macs.
Miller said that on 31 July Apple did update its version of Samba - but that was the first time in two and a half years, and the latest version still fell short of the current open-source version.
Miller said his formula for finding a zero-day flaw on a Mac is this: "Find an open source package that they use that's out of date - there's, like I said, plenty of those."
He then suggested reading through the change log for the current version of any of the above open source software to find a useable bug that's been fixed in the newer version but still vulnerable to Mac OS X users.
Miller said by doing this, "you won't have to worry about static analysis or fuzzing or any of that stuff".
Several attempts to contact Apple for comment on this story went unanswered.
O.T. Nokia Exiting Chips Means Broadcom, STM Might Cash In
Friday August 10, 7:00 pm ET
James Detar
http://biz.yahoo.com/ibd/070810/tech.html?.v=1
Nokia, the world's No. 1 cell phone maker, got to play kingmaker last week.
The Finnish company, which has made many of the chips that go into its handsets, said it would exit the chip business. And it chose STMicroelectronics (NYSE:STM), Broadcom (NasdaqGS:BRCM) and Infineon Technologies (NYSE:IFX) as new suppliers for cell phone chips that include DSPs, or digital signal processors.
The moves represent a seismic shift in the cell phone chip industry, several analysts say.
"This rearranges who the big makers of DSP silicon will be," said Will Strauss, president of research firm Forward Concepts. Cell phones are the biggest market for DSPs, he says.
"STMicro and Broadcom have been relatively small players, and now they're elevated to world-class status," Strauss said.
Longtime Nokia (NYSE:NOK) chip supplier Texas Instruments (NYSE:TXN), which with Qualcomm (NasdaqGS:QCOM) ranks as the top cell phone chipmaker, sees its status diminished. Qualcomm, too, will likely find itself competing more with Nokia.
What Nokia does strongly affects the cell phone market. In the second quarter, Nokia shipped 100.8 million cell phones, more than triple the next three largest makers combined, says research firm IDC.
Research firm iSuppli reports total sales of the main chips in cell phones -- the chips are a type of DSP called "baseband," which enable voice communication -- of $2.8 billion in the first quarter. That doesn't include memory and other chips found in cell phones.
The impact on Texas Instruments is uncertain. TI has been Nokia's primary outside chip supplier. Nokia will continue to buy chips from TI, but last week's announcement adds the new suppliers.
Nokia made its announcements early Wednesday. Since then, Broadcom shares have risen 9.4%, despite the huge downturn on Thursday, while STMicro shares have risen 3.3%. Qualcomm shares fell 6.4%, and TI's fell 2.7%. Infineon, which last week terminated its contract with its chief financial officer, fell 3.2%.
Nokia's announcement had four basic parts.
First, it awarded a contract to STMicro to make its 3G, or third-generation, cell phone chips. It will sell to STMicro the unit within Nokia that now makes those chips. That unit also will develop new cell phone chips for Nokia.
Second, Nokia awarded a contract to Broadcom to design a new cell phone chip based on the Enhanced Data rates for GSM Evolution, or EDGE, standard. This is a 2.5G standard. Broadcom will also provide a companion power management chip.
Third, Nokia says from now on it will have more than one supplier for all key parts of its phones. Until now, it's mainly relied on its own chips and on Texas Instruments.
"TI had the pie to themselves," said American Technology Research analyst Shaw Wu. "Now Nokia has split it into many pieces."
Finally, Nokia says it will now license its chip technology to others. Qualcomm has been the biggest licenser of handset technology. There are two main technical standards in cell phones, GSM and CDMA. Most of Qualcomm's business is in CDMA, while Nokia focuses on GSM. But as wireless evolves, the boundaries between the two standards are getting fuzzier.
In the meantime, Qualcomm faces some big legal battles. On Monday, it was on the losing end when the Bush administration declined to veto a ruling by the International Trade Commission that favors Broadcom in a major patent dispute with Qualcomm.
Having to compete with Nokia on cell phone licensing could force Qualcomm to cut its licensing fees, analyst Strauss says.
The new pact is a huge opportunity for STMicro, says Tommi Uhari, a company executive vice president. It gives STMicro a foot in the door to sell other products to Nokia, he told IBD.
"We own the core, the multimedia processor," he said. "And we are now able to attach the peripherals and to build a bigger platform."
Peripherals made by STMicro include Bluetooth wireless chips and camera chips.
The accord also calls for Nokia to transfer some 200 employees to STMicro. The employees, based in Finland and the U.K., will move over to STMicro in the fourth quarter, the companies say. STMicro is based in Switzerland.
DELL IT EVENTS in Europe/Germany Autumn 2007
http://tst.dell-events.com/2007/autumn/germany/index.php
http://tst.dell-events.com/2007/autumn/
It seems like Dell is pushing Europe big in 2007, both Spring and Autumn. I believe last year, 2006, Dell's tour was only in Autumn.
dude_danny
In China, a High-Tech Plan to Track People
http://www.nytimes.com/2007/08/12/business/worldbusiness/12security.html?ei=5065&en=2d7edb61ed14...
By KEITH BRADSHER
SHENZHEN, China, Aug. 9 — At least 20,000 police surveillance cameras are being installed along streets here in southern China and will soon be guided by sophisticated computer software from an American-financed company to recognize automatically the faces of police suspects and detect unusual activity.
Starting this month in a port neighborhood and then spreading across Shenzhen, a city of 12.4 million people, residency cards fitted with powerful computer chips programmed by the same company will be issued to most citizens.
Data on the chip will include not just the citizen’s name and address but also work history, educational background, religion, ethnicity, police record, medical insurance status and landlord’s phone number. Even personal reproductive history will be included, for enforcement of China’s controversial “one child” policy. Plans are being studied to add credit histories, subway travel payments and small purchases charged to the card.
Security experts describe China’s plans as the world’s largest effort to meld cutting-edge computer technology with police work to track the activities of a population and fight crime. But they say the technology can be used to violate civil rights.
The Chinese government has ordered all large cities to apply technology to police work and to issue high-tech residency cards to 150 million people who have moved to a city but not yet acquired permanent residency.
Both steps are officially aimed at fighting crime and developing better controls on an increasingly mobile population, including the nearly 10 million peasants who move to big cities each year. But they could also help the Communist Party retain power by maintaining tight controls on an increasingly prosperous population at a time when street protests are becoming more common.
“If they do not get the permanent card, they cannot live here, they cannot get government benefits, and that is a way for the government to control the population in the future,” said Michael Lin, the vice president for investor relations at China Public Security Technology, the company providing the technology.
Incorporated in Florida, China Public Security has raised much of the money to develop its technology from two investment funds in Plano, Tex., Pinnacle Fund and Pinnacle China Fund. Three investment banks — Roth Capital Partners in Newport Beach, Calif.; Oppenheimer & Company in New York; and First Asia Finance Group of Hong Kong — helped raise the money.
Shenzhen, a computer manufacturing center next to Hong Kong, is the first Chinese city to introduce the new residency cards. It is also taking the lead in China in the large-scale use of law enforcement surveillance cameras — a tactic that would have drawn international criticism in the years after the Tiananmen Square killings in 1989.
But rising fears of terrorism have lessened public hostility to surveillance cameras in the West. This has been particularly true in Britain, where the police already install the cameras widely on lamp poles and in subway stations and are developing face recognition software as well.
New York police announced last month that they would install more than 100 security cameras to monitor license plates in Lower Manhattan by the end of the year. Police officials also said they hoped to obtain financing to establish links to 3,000 public and private cameras in the area by the end of next year; no decision has been made on whether face recognition technology has become reliable enough to use without the risk of false arrests.
Shenzhen already has 180,000 indoor and outdoor closed-circuit television cameras owned by businesses and government agencies, and the police will have the right to link them on request into the same system as the 20,000 police cameras, according to China Public Security.
Some civil rights activists contend that the cameras in China and Britain are a violation of the right of privacy contained in the International Covenant on Civil and Political Rights.
Large-scale surveillance in China is more threatening than surveillance in Britain, they said when told of Shenzhen’s plans.
“I don’t think they are remotely comparable, and even in Britain it’s quite controversial,” said Dinah PoKempner, the general counsel of Human Rights Watch in New York. China has fewer limits on police power, fewer restrictions on how government agencies use the information they gather and fewer legal protections for those suspected of crime, she noted.
While most countries issue identity cards, and many gather a lot of information about citizens, China also appears poised to go much further in putting personal information on identity cards, Ms. PoKempner added.
Every police officer in Shenzhen now carries global positioning satellite equipment on his or her belt. This allows senior police officers to direct their movements on large, high-resolution maps of the city that China Public Security has produced using software that runs on the Microsoft Windows operating system.
“We have a very good relationship with U.S. companies like I.B.M., Cisco, H.P., Dell,” said Robin Huang, the chief operating officer of China Public Security. “All of these U.S. companies work with us to build our system together.”
The role of American companies in helping Chinese security forces has periodically been controversial in the United States. Executives from Yahoo, Google, Microsoft and Cisco Systems testified in February 2006 at a Congressional hearing called to review whether they had deliberately designed their systems to help the Chinese state muzzle dissidents on the Internet; they denied having done so.
China Public Security proudly displays in its boardroom a certificate from I.B.M. labeling it as a partner. But Mr. Huang said that China Public Security had developed its own computer programs in China and that its suppliers had sent equipment that was not specially tailored for law enforcement purposes.
The company uses servers manufactured by Huawei Technologies of China for its own operations. But China Public Security needs to develop programs that run on I.B.M., Cisco and Hewlett-Packard servers because some Chinese police agencies have already bought these models, Mr. Huang said.
Mr. Lin said he had refrained from some transactions with the Chinese government because he is the chief executive of a company incorporated in the United States. “Of course our projects could be used by the military, but because it’s politically sensitive, I don’t want to do it,” he said.
Western security experts have suspected for several years that Chinese security agencies could track individuals based on the location of their cellphones, and the Shenzhen police tracking system confirms this.
When a police officer goes indoors and cannot receive a global positioning signal from satellites overhead, the system tracks the location of the officer’s cellphone, based on the three nearest cellphone towers. Mr. Huang used a real-time connection to local police dispatchers’ computers to show a detailed computer map of a Shenzhen district and the precise location of each of the 92 patrolling officers, represented by caricatures of officers in blue uniforms and the routes they had traveled in the last hour.
All Chinese citizens are required to carry national identity cards with very simple computer chips embedded, providing little more than the citizen’s name and date of birth. Since imperial times, a principal technique of social control has been for local government agencies to keep detailed records on every resident.
The system worked as long as most people spent their entire lives in their hometowns. But as ever more Chinese move in search of work, the system has eroded. This has made it easier for criminals and dissidents alike to hide from police, and it has raised questions about whether dissatisfied migrant workers could organize political protests without the knowledge of police.
Little more than a collection of duck and rice farms until the late 1970s, Shenzhen now has 10.55 million migrants from elsewhere in China, who will receive the new cards, and 1.87 million permanent residents, who will not receive cards because local agencies already have files on them. Shenzhen’s red-light districts have a nationwide reputation for murders and other crimes.
Vista: Just how many copies have been sold?
That'll be 60 million - give or take 20 million...
By Colin Barker
http://software.silicon.com/os/0,39024651,39167999,00.htm
Published: Tuesday 31 July 2007
Microsoft has declined to confirm statistics from its chief operating officer on the number of copies of Windows Vista it has sold, throwing into confusion how successful the operating system has been.
COO Kevin Turner told financial analysts last week that "60 million units have been sold of Windows Vista into the marketplace".
But, approached by silicon.com sister site ZDNet UK for confirmation, Microsoft could only confirm it had sold 40 million, saying the last figure is two months old.
If Microsoft's figures are to be believed, this means Vista sales are flat. Turner's figures mean 20 million copies of Vista have been sold, on a wholesale basis at least, over the last two months, with 40 million sold in the first four months since the consumer launch in January.
But, despite the uncertainty, Turner seized the opportunity for a spot of publicity. "By our math, we eclipse the entire installed base of Apple in the first five weeks that this product shipped," he said.
A Microsoft spokesperson added: "Windows Vista is on track to be the fastest-selling operating system in Microsoft's history. IDC says that, for every dollar of Microsoft revenue from Windows Vista in 2008, the ecosystem beyond Microsoft will reap approximately $22 [£11]."
O.T. Dell to sell more Linux PCs
Ubuntu for all
http://hardware.silicon.com/desktops/0,39024645,39167986,00.htm
Published: Monday 30 July 2007
Dell will soon offer more PCs that use the Linux operating system as opposed to Microsoft Windows, said the founder of a company that offers Linux support services.
Mark Shuttleworth, who created the Ubuntu version of Linux and founded Canonical to provide support for it, said Dell is happy with the demand it has seen for Linux PCs, which Dell introduced in May.
Dell, the world's second-largest PC maker after HP, now offers five consumer PCs that run Ubuntu Linux.
Shuttleworth said: "What's been announced to date is not the full extent of what we will see over the next couple of weeks and months. There are additional offerings in the pipeline."
Dell spokeswoman Anne Camden declined comment, saying the company does not discuss products in the pipeline. She added that Dell has been pleased with customer response to its Linux PCs.
Shuttleworth said his company is not in discussions with HP or any of the other top five PC makers to introduce machines equipped with Ubuntu. The other three top PC makers are Lenovo, Acer and Toshiba.
Third Parties Fumble Data Handoffs
http://www.darkreading.com/document.asp?doc_id=130101&WT.svl=news1_3
JULY 26, 2007 | Companies are learning -- the hard way -- that the security chain is only as good as its weakest link.
In the past few days, two major organizations have suffered breaches of their constituents' personal data -- not because of something they did, but because of something their partners did.
The U.S. Marine Corps today reported that the personal information of some 10,000 leathernecks, including names and Social Security numbers, has been exposed to potential identity theft. The data was improperly posted on the Web by a university that was studying the Marines' marksmanship, the Corps said.
The announcement comes on the heels of a breach reported by St. Vincent hospital in Indianapolis, where the personal information of some 51,000 patients was exposed when a third-party technician made a mistake in updating one of the hospital's Internet servers.
Although the two breaches are very different, they both demonstrate that breaches can be caused by errors made outside the organization. As part of a study on the effects of live fire on marksmanship, the Marines gave researchers at Penn State University the rifle range requalification records of some 10,000 leathernecks who attended Marine Corps Recruit Depot at Parris Island, S.C., from January 2004 through December 2006.
According to a report in Marine Times, the data on 10,554 Marines was "improperly posted" to an Internet server and was cached by the Google search engine. The problem was discovered when one of the affected Marines Googled his own name and found the file on the Web.
Marines officials say Penn State has taken the data down, but that the information had been exposed "for 10 or 11 days."
St. Vincent, in its breach case, had subcontracted Verus Inc. to set up a program that would allow patients to pay bills online, according to a report by Channel 6 News in Indianapolis.
"The Verus technician made a change to the Internet server, which left some of our patient information online, unprotected," said Johnny Smith, a spokesman for St. Vincent. The data was exposed for a "brief time," and it is possible that no one accessed it, officials said.
Verus was also blamed in the breach of some 9,000 patient records at Concord Hospital in New Hampshire just last month, according to a report in The Concord Monitor.
Aflac Loses Data on 152,000
http://www.darkreading.com/document.asp?doc_id=130188
JULY 27, 2007 | A laptop stolen from one of Aflac's sales agents in Japan contains the personal data of more than 152,000 of the insurance company's customers, officials said yesterday.
American Family Life Assurance Co. said Thursday that an employee of Tsusan Co., one of its Japanese sales agents, reported the laptop stolen while traveling on a commuter train July 17. The company did not tell the media about the theft immediately because it had hoped to get an apology letter out to the affected customers first, officials said.
The laptop contained personal data on 152,758 insurance policyholders, including their names, addresses, policy details, and dates of birth. The data did not include bank account numbers or information about the patients' health, the officials said.
Aflac has seen no indication thus far that the data has been used. An Aflac official said it would be "difficult" for an outsider to access the data because "all of the information was password-protected and encrypted." The company did not offer details on how the passwords or encryption were configured.
Aflac, which gets three quarters of its revenue from Japan, insures about a quarter of the population there and has more than 40 million customers around the world, according to a Bloomberg report.
Web security breach exposes 54,000 card details
Newcastle City Council admits to blunder
By Andy McCue
http://www.silicon.com/research/specialreports/riskmanagement/0,3800013989,39167978,00.htm
Published: Friday 27 July 2007
A security blunder at Newcastle City Council has exposed the credit and debit card details of up to 54,000 people online.
The breach was discovered on 19 July after the council hired an independent security expert to try and crack its systems. The security exercise found an encrypted file containing names, addresses, and credit and debit card numbers had been mistakenly placed on an insecure server.
An internal investigation also revealed the file with all the card details had been accessed and uploaded to a computer IP address registered in Israel. Newcastle City Council claims there is no indication of any fraud on the affected cards.
The file contained details of payments for council tax, business rates, parking fines and rents for more than a year between February 2006 and April 2007. The council has informed the banks, police and the Information Commissioner about the breach and said a full investigation into the security breach is underway.
He said: "It's a question of resources. There could be up to 54,000 people affected. It is up to cardholders themselves - it is best for people to keep an eye on their credit and debit card statements and notify the banks of anything suspicious straight away."
Earlier this month silicon.com launched its Full Disclosure campaign calling for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers if there is a chance the breach has put individuals' sensitive personal data at risk. Such laws are already enforced in many states in the US.
Newcastle City Council said it closed down the insecure computer servers straight away, tightened security and is now "fully confident" it is safe to continue taking credit and debit card payments.
Councillor John Shipley said in a statement: "This is an extremely serious breach, which I was shocked to hear about. My first concern is that every possible measure should be put in place now to protect people whose data might have been compromised, and we have communicated this to the banks and credit card companies."
Newcastle City Council CEO Ian Stratford added in a statement: "We very much regret that this situation has developed, although we would again stress that there has been no indication of any fraud or loss, and that we spotted this situation through the thoroughness of our own security and checking systems."
Data breach rules 'creating uncertainty for execs'
Full Disclosure: Businesses must join the debate, says top lawyer
http://management.silicon.com/itdirector/0,39024673,39167926,00.htm
Tags: privacy, disclosure, legislation, data breach
By Steve Ranger
Published: Tuesday 24 July 2007
Current rules about when companies have to report customer data leaks are creating uncertainty for executives, and business leaders must join the debate on whether a change of law is needed, according to a top lawyer.
Earlier this month silicon.com launched its Full Disclosure campaign, calling for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers if there is a chance the breach has put individuals' sensitive personal data at risk.
According to James Mullock, data protection partner at law firm Osborne Clarke, at the moment the rules around when - and who - to notify after a data breach vary from industry to industry.
Mullock told silicon.com: "We've got a situation where different obligations are put on some companies but not on others depending on the sector they are in, and that creates a lot of uncertainty."
He said there needs to be a wide-ranging debate and the business community needs to get involved.
Mullock said: "At the moment there is a multi-tier set of requirements and your average company director will find it extremely complex. They have so many influencing factors to think about not least the fact that they potentially face personal liability under the Data Protection Act and the Fraud Act for the failures of their company. If we have a well-managed debate and change in the law it should actually help companies decide what to do in the event of a security breach."
For there to be a change in the law the industry needs to think about when any such obligations to notify would apply, and how any change to the law would be drafted so it wouldn't become a bureaucratic nightmare, he added.
Hack infiltrates government, corporate systems
US Department of Transportation, HP and others targeted...
http://software.silicon.com/security/0,39024655,39167873,00.htm
Published: Wednesday 18 July 2007
Hackers stole information from the US Department of Transportation and several US corporations by seducing employees with fake job listings on ads and email, a computer security firm said on Monday.
The list of victims included several companies known for providing security services to government agencies.
They include consulting firm Booz Allen, HP, satellite network provider Hughes Network Systems, a unit of Hughes Communications, and computer services company Unisys, said Mel Morris, CEO of British internet security provider Prevx.
HP declined comment, while officials with other companies couldn't be reached for comment. A Department of Transportation spokeswoman said the agency couldn't find any indication of a security breach.
Malicious programs were able to pass sophisticated security systems undetected because that software hadn't been instructed that they were dangerous. Hackers targeted only a limited group of personal computers, which kept traffic down and allowed them to stay under the radar of security experts, Morris said.
It was not clear whether the hackers used information stolen from the personal computers, Morris said.
Internet security firms began to release patches to fight the malicious software on Monday night.
A piece of software, NTOS.exe, was used to probe the PCs for confidential data, then send it to a website hosted on Yahoo! That site's owner was probably unaware that it was being used by hackers, Morris said.
The website hosted data that had been stolen from more than 1,000 PCs and encrypted before it was posted on the site, according to Morris.
He said that he believes the hackers have set up several sister websites that are collecting similar data from other squadrons of malicious software.
Officials with Yahoo! weren't available for comment.
Morris said that he had downloaded the data from the website and decrypted it at the request of investigators from the FBI's Law Enforcement Online, or LEO, program, who were looking into the matter.
Intel signs up to $100 laptop
Even though AMD is already on board...
By Tom Krazit
http://hardware.silicon.com/desktops/0,39024645,39167844,00.htm
Published: Monday 16 July 2007
After years of squabbling, Intel and Nicholas Negroponte have agreed to put their differences behind them and join forces in bringing PCs to children around the world.
Negroponte's One Laptop Per Child (OLPC) project is bringing Intel on board as a partner and a possible future supplier, the two entities announced. Intel will become the 11th member of the OLPC's board, joining other companies such as eBay, Google, Nortel and Intel's bitter rival AMD.
The OLPC's mission is to put laptop computers in the hands of children around the world, in the hope that access to technology will help improve the education of millions growing up in developing nations. The XO laptop at the heart of the project costs about $175 to produce but Negroponte, founder of the not-for-profit OLPC, thinks they will sell for about $100 once production starts in earnest later this year.
Just a few weeks ago, the notion of Intel and Negroponte working together would have seemed absurd. Negroponte's almost evangelical approach to the OLPC project and Intel's determination to grab a piece of the emerging PC market has produced rancour on both sides over the past few years.
Intel chairman Craig Barrett has been the public face of the company's work on its Classmate PCs for emerging nations, and he has been very dismissive of the OLPC project in the past, calling it "the $100 gadget". And in a May interview with 60 Minutes, Negroponte accused Intel of dumping Classmate PCs way below cost in order to win deals with local governments and sabotage Negroponte's dreams of bringing PCs to the world's poor children.
The dispute appeared petty at times, beneath both the world's largest chipmaker and the co-founder of the Media Laboratory at the Massachusetts Institute of Technology. After all, there's unfortunately no shortage of poor children in the world who have yet to realise the power of the personal computer, and the developed world is big enough to support a huge PC industry with dozens of rich players.
After some discussion, the two groups realised they had more in common than they had in dispute, said Will Swope, a corporate vice president and general manager of corporate affairs at Intel. "We're trying to accomplish the same thing," he said.
Intel's immediate effect on the OLPC project will be to improve the open source software that ships with the XO laptop, said Walter Bender, president of software and content for the OLPC. "Intel has got a very strong team in Linux and open source," he said.
Intel is currently wooing developing nations with Classmate PCs that are available with either Linux or Windows, part of the chipmaker's continual dance between Microsoft - its closest partner - and the desire of some customers for open source software. But the OLPC is an avowed open source supporter, giving Intel a broader outlet for the work produced by its collection of open source software engineers. The company said it has no plans to stop selling its Classmate PCs, despite its backing for the OLPC machine.
At some point, Intel also wants its chips to be inside the XO laptop, Swope said. "We are going to try to win the XO business but it's the OLPC's decision. We haven't won the business as a result of this agreement."
At the moment, AMD is the silicon supplier for the XO laptop. This appeared to be at least part of the reason behind Intel's disdain for the OLPC project as well as Negroponte's suspicions that Intel wanted to lock him out of certain countries.
In the developed world, the PC market is rapidly maturing, eroding the growth rates that Wall Street loves so much. As a result, both AMD and Intel see a huge source of future earnings in the millions of people who have yet to buy a PC. The companies would rather attribute their efforts to a humanitarian desire to help the world but shareholders like profits, too.
AMD said it is undeterred by the news its rival is joining forces with the OLPC, despite the prospect of a few awkward board meetings at some point in the future. Rebecca Gonzales, AMD's senior manager of business development for high-growth markets, said: "Right now, we see no change in the way AMD will participate with OLPC. We welcome [Intel] to the table."
Tell customers about data breaches, companies urged
Full Disclosure: Power to the people...
By Gemma Simpson
http://www.silicon.com/publicsector/0,3800010403,39167832,00.htm
Published: Monday 16 July 2007
UK companies should warn customers if their personal data has been put at risk, according to the National Consumer Council (NCC).
Speaking at a Westminster eForum event, Anna Fielder, policy consultant with the NCC, said UK companies should produce security breach notifications, which inform an individual if their data has been compromised.
But not all the eForum panellists agreed with the introduction of breach notifications. Gillian Key-Vice, director of regulatory affairs with credit company Experian, said if a breach has been managed properly there is no need for such notifications because they would cause "unnecessary concern" among the public.
More than four-fifths of UK consumers think companies that suffer data security breaches should let their customers know, according to a recent survey.
Also speaking at the Big Brother Britain? ID cards, surveillance and data security seminar, Jonathan Bamford, assistant commissioner for the Information Commissioner's Office, told silicon.com such notifications need to be kept in perspective and decisions to inform individuals should be made on a case-by-case basis.
Bamford added it would be counter-intuitive for a company to stop or slow down its efforts to overcome a security breach in order to send out emails informing its customers about that breach in the first place.
The UK's information commissioner called on CEOs to take the security of customer and staff information more seriously in a recent report.
silicon.com's Full Disclosure campaign is calling on the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sector.
We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers, if the breach may have put individuals' sensitive personal data at risk. We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below or emailing us at editorial@silicon.com.
Full Disclosure - silicon.com launches data breaches campaign
Why companies must come clean on data spills
By silicon.com
http://management.silicon.com/government/0,39024677,39167826,00.htm
Published: Monday 16 July 2007
Today silicon.com launches its Full Disclosure campaign with the aim of making businesses and government take data security more seriously by improving the reporting of serious information security breaches.
A number of high-profile data breaches have eroded public faith in the ability of organisations to protect sensitive personal information and only a change in the law to force companies to come clean about data breaches will restore it.
silicon.com's Full Disclosure campaign - what we are asking for...
silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.
We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers, if there is a chance the breach has put individuals' sensitive personal data at risk.
We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below or by emailing us at editorial@silicon.com.
Over the last year silicon.com has reported on a number of stories, such as laptop thefts and Data Protection Act breaches by banks, which show there is still much to do to improve the way the organisations treat information they hold about the public.
As the information commissioner Richard Thomas recently pointed out, there is a "frankly horrifying" roll-call of banks, retailers and government departments that have admitted serious security lapses.
And these - while serious - are surely only the tip of the iceberg, because in the UK there is no requirement for companies to reveal that a breach has taken place. That means many more incidents are taking place unknown to customers.
Remember - it is our data that we entrust to them.
One episode illustrates the problem. Last year silicon.com chronicled the case of a still-to-be-named UK retailer which suffered a security breach that led to thousands of customers having their credit cards reissued.
While the customers had to go through the trouble of getting new cards, the identity of the retailer remained a secret - much to the fury of customers who contacted silicon.com.
This lack of accountability risks eroding customer trust in the use of online services such as e-tailing and internet banking in the UK, while the cost of identity fraud continues to rise.
But there is an alternative. California already has legislation in place that makes companies warn their customers if a data breach involving their info has taken place. Yet in the UK there is no law offering this kind of protection to the public.
This is why silicon.com is launching its Full Disclosure campaign, which calls on the government to consider similar protection for UK consumers.
If a company suffers a security breach that puts customers' sensitive personal data at risk, it should be obliged to warn its customers that their information may have been compromised so they can act accordingly to protect themselves.
This is not about naming and shaming - this is about giving the public confidence that when they entrust their personal information to an organisation it will act as a responsible guardian of that data. Reinforcing that trust will encourage more people to interact online, providing an important boost to the online economy.
silicon.com editor and site director, Tony Hallett, said: "Businesses and government need to regain the trust of the public by showing they are serious about protecting our sensitive information. By calling for companies to own up to serious data breaches, silicon.com's Full Disclosure campaign is an important step towards making organisations more accountable. Remember - it is our data that we entrust to them."
DELL/BOEING
While watching the Dodger/Giants game on FOX today, I saw a Dell commercial showcasing Boeing. It was done very well IMO. Thought about the upcoming Dell/Wave/Seagate Seminar in Missouri...
DELL/Boeing commercial link
http://www.dell.com/content/topics/topic.aspx/global/shared/corp/media/en/digital_vault_pop?c=us&....
Dell manages 150,000 IT seats for Boeing.
dude_danny
O.T. Motorola to fall behind Samsung? Nokia on the up and up...
http://networks.silicon.com/mobile/0,39024665,39167830,00.htm
Published: Friday 13 July 2007
Market share of the world's top mobile maker Nokia is rising, industry analysts said, after its closest rival Motorola warned investors of a second-quarter loss and lower sales.
Analysts said US-based Motorola had lost market share, much of it probably to Nokia, which sells more than one in three mobile phones in the world, news that lifted the Finnish company's shares.
Nokia was up 1.2 per cent at €21.21 by 08:27 (GMT), against a DJ Stoxx technology index up just 0.2 per cent.
FIM Securities analyst Jussi Hyoty said: "With Motorola losing market share in several regions - Europe and Asia - I think the biggest beneficiary is Nokia.
"Nokia has a very strong product mix from the bottom to the top. This is a good chance to put distance between it and the number two and increase scale benefits."
Motorola, meanwhile, said it no longer expects its mobile phone business to be profitable this year - blaming weak sales in Asia and Europe.
After the company warned investors on profits and rival Sony Ericsson released its second-quarter results, Charter Equity Research analyst Ed Snyder said: "Motorola lost a lot of share. A little bit went to Sony Ericsson. A lot went to somebody else, probably Nokia."
Analysts said earlier this month they expected surging mobile phone demand from emerging markets to have cemented Nokia's leading position in the April to June quarter.
Motorola said it shipped 35 million to 36 million handsets in the quarter, down from 45.4 million in the first three months, which could see third-place mobile maker Samsung Electronics knock Motorola from its number two ranking.
Before Motorola's profit warning, Nokia was forecast to have sold around 100 million handsets in the quarter.
Danske Markets analyst Ilkka Rauvola said: "Motorola's market share is coming down strongly and it could continue... As it comes down, Nokia benefits directly from the vacuum in the market left by Motorola.
"Sony Ericsson said competition has tightened and I think this is due to Nokia having ramped up its midrange and high-end products."
Shares in Samsung rose yesterday on expectations ahead of its second-quarter results announcement.
Equipment worth $22M missing from CDC
http://news.yahoo.com/s/ap/20070712/ap_on_he_me/cdc_missing_equipment
ATLANTA - The U.S. Department of Health and Human Services will investigate the disappearance of $22 million worth of equipment, computers and other items from the Centers for Disease Control and Prevention.
Last month, a congressional oversight committee requested an audit of the CDC's property management procedures and an investigation into allegations of theft at the center.
CDC officials said they have accounted for about $9 million in missing goods in recent weeks.
"A thorough audit will help stop the bleeding of taxpayer-owned property at CDC," U.S. Rep. Joe Barton, R-Texas, a member of the House Committee on Energy and Commerce, said in a statement Wednesday. "In cases of theft, it will also tell us what happened to the thieves."
The committee specifically said it was concerned about a suspected "insider" burglary of $500,000 in computers, and millions of dollars worth of other items missing or unaccounted for since the CDC's last audit in 1995.
Daniel Levinson, inspector general of Health and Human Services, told Barton in a June 25 letter that his department would conduct an audit and investigate the theft allegations, The Atlanta Journal-Constitution reported Thursday.
Between fiscal 2004 and 2006, there were 61 investigations into the theft or disappearance of CDC property. No arrests or disciplinary action resulted from those investigations, and several are ongoing, CDC spokesman Tom Skinner said.
He said much of the equipment was discovered missing during a reorganization at the center. Staff are using new computer programs to better track items, he said.
NICE FIND DOMA!!!
dude_danny