is presently fighting off an incurable lung cancer, think I maybe winning (mesothelioma)
That's strange? - Not able to find Needham/ wavx webcall at present....Eom
http://www.wsw.com/webcast/needham35/wavx/
'New Wave! - That's a pity ... must be worth it's weight in gold! Eom
Good! - Our position's being held at 2.09. eom
Way I heard it!- Was that HP were looking for a similar set up as per Dell's.Eom
Inferences to HP & Acer moving towards Dell's workability with Wave. seemed to have touched a market nerve. eom
1.81 - Gotta love the confidence tone of Steven! eom
Dell launches a mobile phone
CES 2010 And some notebooks
By Lawrence Latif in Las Vegas
Friday, 8 January 2010, 15:09
http://www.theinquirer.net/inquirer/news/1568076/dell-launches-mobile-phone
As an "and finally", Michael Dell decided to empty his pockets and reveal some interesting pieces including a fully working slate device as well as the Dell Mini 3i mobile phone running Android. The Dell Mini 3i smartphone will be sold over in the US on the AT&T network with Dell saying it's keen to support operator services, meaning there might not be an unlocked, contract free version of the Dell Mini 3i handset at launch.
Dell's previous foray into the PDA market was with the Axim which didn't really do that well so it'll be interesting to see how Dell markets the Mini 3i differently.
Can Dell's new Inspirons stop its slide down the PC market share rankings in 2010? Well, we didn't see anything that blew our socks off. µ
Major flaws in USB stick software leads to secure drives being unlocked easily
Dan Raywood
January 08, 2010
Reports claiming that hardware-encrypted USB flash drives were hacked earlier this week have revealed a major flaw in the products' design.
German security firm SySS published reports detailing the vulnerabilities in Kingston, SanDisk and Verbatim flash drives, and detailed how they can be hacked. It claimed that the vulnerability lies in a major flaw in the design of the affected products.
It said that there was an inherent design error in the software that runs on the host PC to verify the correctness of a user's password, and is not secure. SySS said it was equivalent to a single shared backdoor password for all of these devices, as security analysts were able to write a program that sent the ‘unlock' code regardless of the password entered, and gain immediate access to the flash drive's entire contents.
SanDisk has issued a security bulletin, saying it had ‘recently identified a potential vulnerability in the access control mechanism and has provided a product update to address the issue'. It said that the issue is only applicable to the application running on the host and does not apply to the device hardware or firmware, and all Enterprise USB flash drives being shipped to customers as of today contain the product update.
It said: “SanDisk has also taken measures to inform customers and channel partners about the issue and has provided a software product update online to secure existing Cruzer Enterprise USB flash drive devices.
“Preserving customer security and product reliability continues to be a top priority at SanDisk. SanDisk will continue to work diligently with customers as well as third-party security researchers to maintain high levels of security.”
Verbatim also said that it had ‘recently identified a potential vulnerability in the access control application and has provided a product update to address the issue'.
It said in a security update: “This issue is only applicable to the application running on the host system. It does not apply to the device hardware. Maintaining the security of your data is a top priority at Verbatim. We will continue to work diligently to provide the highest levels of security for your data.”
Kingston said that individuals should contact its technology support to receive an update.
David Jevans, CEO at IronKey, said: “The products that were hacked were made by storage companies that primarily manufacture consumer memory products for cameras and MP3 players.
“IronKey is first and foremost a security company. This incident illustrates that securing portable storage devices requires deep architectural understanding, threat modelling, security review and attention to detail in implementation.”
Anders Pettersson, CSO at BlockMaster, said: “A flaw has been found in competing products to SafeStick. SafeStick does not contain this flaw. The flaw exposed by the independent penetration testing firm SySS enables any user to access the unencrypted data quickly on all shipped drives from select competitors without the required password.
“BlockMaster issues this statement to clearly inform customers and partners that this is not a flaw found in any version of SafeStick.”
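The design error described in the SySS report above, as an added model in Python (not code from SySS or any vendor; the class names, token value and passwords are constructed for illustration). It puts a drive that trusts a host-side password check next to one that verifies on the device, and an audit flags unlock traffic that does not depend on the password.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000      # PBKDF2 work factor chosen for this model
MAX_FAILURES = 3      # device-side retry limit chosen for this model


def kdf(password: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, ROUNDS)


class FlawedDrive:
    """Device that trusts the host: one fixed message opens it."""
    UNLOCK = b"CONSTRUCTED-UNLOCK-TOKEN"   # identical on every unit

    def __init__(self):
        self.unlocked = False              # gates access to the storage

    def command(self, message: bytes) -> bool:
        if message == self.UNLOCK:
            self.unlocked = True
        return self.unlocked


class FlawedHostApp:
    """PC software that checks the password itself, then sends the token."""
    def __init__(self, drive, password: str):
        self.drive, self.sent = drive, []  # sent: bytes that reached the device
        self._salt = os.urandom(16)
        self._check = kdf(password.encode(), self._salt)

    def unlock(self, password: str) -> bool:
        if not hmac.compare_digest(kdf(password.encode(), self._salt), self._check):
            return False                   # the check works, but only on the PC
        self.sent.append(FlawedDrive.UNLOCK)
        return self.drive.command(FlawedDrive.UNLOCK)


class HardenedDrive:
    """Device that verifies the password itself and counts failures."""
    def __init__(self, password: str):
        self.unlocked = False
        self._salt = os.urandom(16)        # per-unit salt
        self._verifier = kdf(password.encode(), self._salt)
        self._failures = 0

    def command(self, message: bytes) -> bool:
        if self._failures >= MAX_FAILURES: # locked out until a reset
            return False
        if hmac.compare_digest(kdf(message, self._salt), self._verifier):
            self.unlocked, self._failures = True, 0
            return True
        self._failures += 1
        return False


class HardenedHostApp:
    """PC software that only relays the user's input; it decides nothing."""
    def __init__(self, drive):
        self.drive, self.sent = drive, []

    def unlock(self, password: str) -> bool:
        self.sent.append(password.encode())
        return self.drive.command(self.sent[-1])


def make_flawed(password: str):
    drive = FlawedDrive()
    return FlawedHostApp(drive, password), drive


def make_hardened(password: str):
    drive = HardenedDrive(password)
    return HardenedHostApp(drive), drive


def audit(make_unit) -> dict:
    """Design-review check on two units that have different passwords."""
    host_a, _ = make_unit("correct horse")
    host_b, drive_b = make_unit("battery staple")
    if not host_a.unlock("correct horse"):
        raise RuntimeError("unit A rejected its own password")
    captured = host_a.sent[-1]
    # Traffic recorded on unit A must not open unit B.
    replay_opens = drive_b.command(captured)
    host_b.unlock("battery staple")
    # Identical bytes for different passwords mean the device never sees them.
    return {"unlock_bytes_identical": captured == host_b.sent[-1],
            "replay_opens_other_unit": replay_opens}


def locks_out_after_failures() -> bool:
    host, _ = make_hardened("correct horse")
    for _ in range(MAX_FAILURES):
        host.unlock("guess")
    return host.unlock("correct horse") is False


if __name__ == "__main__":
    print("flawed  :", audit(make_flawed))
    print("hardened:", audit(make_hardened))
    print("lockout :", locks_out_after_failures())
```

A real device would also wrap its media encryption key under the password-derived key, so that the stored data is unreadable without the password even if the access check is bypassed.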
We're in a very interesting period! - As we gradually emerge from the shadow of the dreaded $1 sign, and continue to gather up more daily street cred, the spotlight of various banking investment arms and fund managers will surely be shone upon us, if not already (and they're always on the lookout for the odd gold plated dollar sign).
So all this talk of 20-30 dollars spike isn't so daft, I've watched this stock meander up and down, like a hawk for the past 12yrs and I reckon in fact a climb to around a 50 bucks adjustment, in the light of present developments (which is $17 in old money) is well within the bounds of reality, as it appears to me at present. Eom
Security Solutions Discussed by Industry Leaders in SecurityStockWatch.com Interviews -- HID Global, Gemalto, ICOP, Wave Systems
Jan. 7, 2010, 12:05 a.m. EST
http://www.marketwatch.com/story/security-solutions-discussed-by-industry-leaders-in-securitystockwatchcom-interviews-hid-global-gemalto-icop-wave-systems-2010-01-07?siteid=nbsh
Interview with Steven.
http://www.securitystockwatch.com/Interviews/in_Boardroom_WAVX.html
Eom
A few more of this ilk! - And we just might see Wave's main engines ignite. Eom
;?)
Looks like! - The penny has finally dropped. eom
Think we've got a whopping great gold star on our wavx Xmas tree this year! - "Wave is looking forward to bringing machine authentication to federated trust environments, and helping facilitate and advance industry best practices for secure collaboration."Eom
Gonna be a kick in the pants for Gates!! eom
Thanks for the heads up jakes_dad & awk! - Thought Dr Brommer at around the 38min mark, he talks about the millions of dollars being now put forward for research working with individual company's.An exciting prospect. Eom.
Microsoft Windows 7 problem 'could affect millions'
Microsoft said it is looking in to reports that some computers running Windows 7 crash as soon as the user logs on
By Claudine Beaumont, Technology Editor
Published: 3:05PM GMT 01 Dec 2009
Security experts have warned that millions of computer users could be affected by a software problem that causes Windows operating systems to crash
Users have been complaining on internet forums about the "black screen of death", which causes the screen of their Windows 7 machine to turn black and the computer to crash when a user logs on.
Microsoft confirmed that it was investigating the possibility that a security update, released on Thursday, could be the root of the problem.
"We are investigating reports that its latest release of security updates is resulting in system issues for some customers," said the company in a statement. "Once we complete our investigation, we will provide detailed guidance on how to prevent or address these issues."
The "black screen of death" also appears to affect other Windows operating systems, including Windows 7's predecessor, Windows Vista, as well as Windows XP. When users log on, they see a completely black screen instead of the usual start menu, desktop icons and system tray.
According to the software firm Prevx, which has issued a patch to resolve the problem, millions of computer users could be affected by the "debilitating" glitch.
"Users have resorted to reloading Windows as a last-ditch effort to fix the problem," said the company in a blog post.
"The cause appears to be a change in the Windows operating system lockdown of registry keys," said Dave Kennerley, a support engineer with Prevx. "This change has the effect of invalidating several key registry entries if they are updated without consideration of the new ACL (access control list) rules being applied."
Microsoft advised those affected by the problem to contact its customer service line. A spokesman said the problems didn't match any existing known issues. Microsoft is yet to release a patch to resolve the problem.
http://www.telegraph.co.uk/technology/microsoft/6701494/Microsoft-Windows-7-problem-could-affect-millions.html
Fame at last! eom
It takes a brave man. The irons in the fire are glowing a little too bright! - just of late, to even contemplate trading wavx, a bit different from back in the mid cents range when we were going up and down yoyo like. Eom
Did I see someone mention 1.23? eom
orda! - They sure need to do something!... over here in the UK we're light years away from trusted computing... Business and media simply haven't a clue, If these guy's can light a rocket under a few pants then great.
Regards Boom
Not sure where this leaves us??
Mobility Token from Giesecke & Devrient Provides Maximum Security for Online Banking
Munich, November 12, 2009. Giesecke & Devrient (G&D) – in collaboration with its partners CREALOGIX and EISST – has successfully brought to market a new solution that significantly reduces the risks involved in online banking. Based on the G&D Mobility Token, the new product is called CLX.Sentinel. Its key benefit lies in the tight integration of the Mobility Token with the security application, which provides effective protection against all known cyber attacks. Authentication with the integrated certificate makes it even more user-friendly: users simply plug it in, enter their pin number, and enjoy secure online banking. The CLX.Sentinel has already been ordered by nine Swiss banks.
Damage caused by cybercrime is steadily on the rise. Online banking is one area where people frequently fail to appreciate the risks, since the protection offered by firewalls and antivirus programs is unfortunately far from adequate. Meanwhile, the cyber mafia are regularly enhancing the techniques they use, making it increasingly important to deploy ever more efficient systems of protection. The CLX.Sentinel from CREALOGIX provides an exceptionally high level of security for e-banking applications. Based on the Star Sign® Mobility Token Classic from G&D, this solution has been specifically optimized to safeguard sensitive Web-based applications such as online banking.
“The CLX.Sentinel sets new standards of security and user-friendliness in the online banking arena, as was recently confirmed by Compass Security AG, an independent and globally active Swiss security company. The CLX.Sentinel will help to increase the extent to which people use online banking and other security-sensitive Web applications,” states Dr. Kai Grassie, Group Senior Vice President and Head of G&D's New Business division.
Numerous Swiss banks have already decided to use the new product, including a number of cantonal banks such as the St. Galler Kantonalbank, Luzerner Kantonalbank, Thurgauer Kantonalbank, Basler Kantonalbank and the Raiffeisen Group.
Paul Eggenschwiler, Director of the St. Galler Kantonalbank and Head of Multichannel Management explains the reasons behind this decision: “Not only does the product offer very high levels of security, it is also impressively easy to use. In our experience, user-friendliness is one of the most important criteria for determining whether a new security solution will be readily accepted by e-banking users.”
The Mobility Token is a plug-and-play solution: as soon as the customer inserts the token in a USB port of a computer connected to the Internet, they can immediately use their bank's online applications in an easy-to-use, secure environment. As a zero-footprint security solution, it ensures that the user leaves no traces on the computer that could be read and exploited by potential cyber attackers. The Mobility Token also makes use of a special security application with an integrated “hardened” browser that cannot be modified by third parties. All of these features effectively prevent attacks on data traffic during online banking sessions.
About Giesecke & Devrient:
Giesecke & Devrient (G&D) is a leading international technology provider headquartered in Munich, Germany. With a headcount of around 10,000 employees, the Group generated sales of EUR 1.7 billion in fiscal 2008. Founded in 1852, G&D is a global market leader and pioneering innovator in banknote and banknote paper production and processing, smart card solutions for telecommunications and electronic payment, and security documents and identification systems. Over 50 subsidiaries and joint ventures across more than 30 countries ensure customer proximity worldwide. For more information, visit our website at: www.gi-de.com.
Press Contact at Giesecke & Devrient:
Stefan Waldenmaier
Phone +49 (89) 4119-2985
Email: stefan.waldenmaier@gi-de.com
Obama encouraged to appoint a cybersecurity expert sooner rather than later
Dan Raywood
November 03, 2009
A written request has been made to Barack Obama to move on with the appointment of a cybersecurity expert.
Writing in a letter to the US president, Phillip J. Bond, president of TechAmerica, requested that the appointment of a cybersecurity coordinator in the White House be done ‘at the earliest possible opportunity'.
Bond said: “We have long advocated for such a position in order to truly leverage the power of government and industry in simultaneously driving innovation in information technology and advancements in efforts to secure the national asset that is our digital infrastructure.
“The urgency for progress in cybersecurity remains, and therefore, so does the need for the appointment of a qualified, credible, senior level official to the cybersecurity coordinator post. Ideally, such an individual would have relevant experience in both government and industry in order to truly reflect the shared roles and responsibilities in cybersecurity.
“We realise that such assignments require measured deliberation. We look forward to optimising the momentum you have provided with the timely appointment of the cybersecurity coordinator.”
Bond went on to commend Christopher Painter ‘for his excellent work and stewardship of that implementation in the interim', but claimed that with increased attacks, ‘establishing cybersecurity coordination at this point will have a galvanising effect that would boost and focus the many federal efforts to combat cyber threats'.
“As leaders in the IT industry we continue our daily efforts on cybersecurity concerns and stand ready to work with your team toward success,” said Bond.
This I reckon is getting warmer! - maybe AWK perhaps could tell us more?
Checkout http://seek-for-android.googlecode.com
From our wave partners G&D PDF
2.3.3 TrustZone
Most mobile phones use a microprocessor based on the ARM architecture. The high-end SoCs (system on a chip) for smart phones do support the ARM TrustZone feature. A TrustZone enabled chipset can run in one of the two modes: normal world or secure world. Rich operating systems, such as Android, and their applications execute in the normal world. The secure world can be used to run a much smaller, security hardened and optionally security certified operating system.
Giesecke & Devrient Launches Security Solution for Mobile Devices running under the Android Operating System
Munich, November 3, 2009 - Giesecke & Devrient (G&D) has added a new product to its range of innovative security solutions for mobile communication. The Mobile Security Card is designed for use with the new generation of mobile devices that run under the Android operating system. Acting as an independent cryptographic module, the Mobile Security Card handles user authentication and all encryption and signature operations. G&D has made its driver software openly available, permitting application developers to incorporate security functions in their own applications using the G&D security component. The new Mobile Security Card, which employs the microSD™ format and is equipped with a smart card chip, can serve as a high-security platform for a wide variety of mobile applications. It even permits companies with special security requirements to create their own features for cellphones that run under the Android operating system.
“The integration of our solution in the Android operating system is an important milestone. G&D intends to play a greater role in this area in future. Our wide-ranging experience in security technologies places us in an ideal position to shape the future development of the market for mobile applications, especially those involving the security of digital business processes,” says Dr. Kai Grassie, Head of the New Business division at G&D.
The Mobile Security Card is a flexible solution that can be adapted to many different security requirements. Users simply insert the memory card into the microSD™ slot of their Android handheld device. Thanks to its large data memory and integrated, high-performance smart card chip, it is a reliable alternative to external smart cards. Users authenticate themselves to the Mobile Security Card by means of a two-factor process and, if successful, are then granted access to the protected applications.
A further advantage of the Mobile Security Card is its ability to serve as a highly secure platform for a multitude of mobile applications including online banking, secure access to corporate networks, or electronic ticketing. Software developers can freely access the Mobile Security Card functions and integrate them in new applications in any way that best meets their own security requirements. G&D provides useful tools and downloads for the Android developers community, to be found at:
http://seek-for-android.googlecode.com
The Mobile Security Card is manufactured by Giesecke & Devrient Secure Flash Solutions, a joint venture between G&D and Phison, the Taiwanese flash memory manufacturer, and is marketed by various system integrators, value-added resellers and distributors.
About Giesecke & Devrient Secure Flash Solutions:
Giesecke & Devrient Secure Flash Solutions develops, manufactures and markets innovative products incorporating flash memory components designed to enhance security, safeguard digital content, and protect identities in a networked world. Giesecke & Devrient Secure Flash Solutions (SFS) was founded in September 2009 as a joint venture between Giesecke & Devrient (G&D), the international banknote and smart card specialists, and Phison Electronics Corp, the market leader in USB drive and memory card controllers. The company combines G&D’s over 150 years of experience in security solutions with Phison’s specialized expertise in flash memory solutions. www.gd-sfs.com
Press Contact at Giesecke & Devrient:
Heiko Witzke
Phone +49 (89) 4119-2422
Email: heiko.witzke@gi-de.com
dhamster!- I think you just may well see a 1.15 - 1.2 spec rise, prior to, even. eom
Smithereens! - Well Done you.... Pretty much sums up our last decade of wave watching. Eom
;?)
old kid! -
Market opinion is what it is, kinda hypnotic - like the tide going back and forth, also worth noting that our trusty guard dog snacks' has been watching forever this little ol' Wave Co form up, ever since Sprague et al were just flicking rubber bands around.
I guess as such, his take does need entering into equations and for me, at least holds water amongst some of the longs here. eom
;?)
Who Knows! - We may not be quite there - but it's damned close! eom
SAP, Nokia and Giesecke & Devrient to Establish New Global Business Providing Brand Protection Services
VIENNA, Austria — October 27, 2009 — SAP AG (NYSE: SAP), Nokia Corporation (NYSE: NOK) and Giesecke & Devrient GmbH (G&D) today have announced plans to form a new company, named “Original1”, to deliver unique product authentication and anti-counterfeiting services across the globe. These services will be aimed at protecting companies and consumers in a wide range of industries from product piracy and counterfeiting, thereby maintaining brand values, revenue potentials and profitability of branded goods. Original1 will be headquartered in Frankfurt, Germany, and headed by Claudia Alsdorf, currently vice president of SAP Research. The new company is expected to begin operations before the end of 2009, subject to the approval of the responsible anti-trust authorities. The announcement was made at SAP® TechEd 2009, being held October 27-29 in Vienna, Austria.
“Counterfeiting is a worldwide problem that is increasing and affecting many successful companies in all industries,” said Alsdorf. “Today, more than ever, companies need to combat counterfeiting before it’s too late, when their company livelihood is at stake. Original1 will provide a one-stop shop for companies seeking secure services that protect them from counterfeiting, safeguard the value of their brands, and help them develop a more transparent way of working to become more sustainable.”
Original1’s services will rely on SAP technology and solutions, while Nokia will deliver mobile authentication software to allow businesses to follow a branded product’s entire life cycle, from a factory to the end customer, using mobile devices. G&D’s contribution to Original1 will consist of security solutions for the entire value chain. This comprises user authentication, end-to-end encryption of the information flow and database encryption. The solution covers the complete sales and logistic supply chain by protecting products and related product packaging by tagging them with intelligent, tamper-proof serialized product codes.
“We see a big business opportunity in brand protection services,” said Antti-Jussi Suominen, general manager, Commerce, Corporate Development, Nokia. “Nokia started a mobile phone-based product authentication business program in 2006; this joint venture is a logical step in evolving that business. We will provide Original1 with the mobility expertise and related technology and believe that mobility will bring a totally new paradigm to brand protection.”
“The brand protection system relies on the trust customers and companies have in it,” said Dr. Kai Grassie, group senior vice president and head of the New Business division, G&D. “Giesecke & Devrient is a partner of trust for government authorities and companies with special security requirements. This comprises areas like banknote printing and processing, as well as security products and services for the mobile communication, payment and the IT security industry. G&D will contribute its extensive expertise in high-level security technology to Original1.”
About Nokia:
Nokia is a pioneer in mobile telecommunications and the world’s leading maker of mobile devices. Today, we are connecting people in new and different ways - fusing advanced mobile technology with personalized services to enable people to stay close to what matters to them. We also provide comprehensive digital map information through NAVTEQ; and equipment, solutions and services for communications networks through Nokia Siemens Networks.
About SAP:
SAP is the world’s leading provider of business software(*), offering applications and services that enable companies of all sizes and in more than 25 industries to become best-run businesses. With more than 89,000 customers in over 120 countries, the company is listed on several exchanges, including the Frankfurt stock exchange and NYSE, under the symbol “SAP.” For more information, visit www.sap.com.
The personal details of more than 50,000 insurance customers have been lost by Zurich, but it has taken the insurance giant a year to alert them of the identity fraud risk.
By Myra Butterworth, Personal Finance Correspondent
Published: 3:09PM BST 22 Oct 2009
Personal details of 51,000 Zurich customers have been lost
A tape containing the data was lost in August last year, but letters are only now being sent out to the general insurance customers warning them of precautions to take.
The group explained it had only “recently” found out that the tape had gone missing and still did not know why. A full investigation is underway.
It also refused to give details about the type of personal information contained on the tape, but it is understood that they could be used by identity fraudsters.
Zurich says it will provide the 51,000 customers with free identity theft protection, which provides details of any credit taken out in their name. It also urges customers to contact their banks.
The back-up tape was lost when it was transferred to a data storage centre in South Africa. The insurer said it has boosted security on the transfer of other tapes, but admitted that it was not certain that it would not happen again because it does not know how the tape had been lost.
Annette Court, chief executive of Europe general insurance at Zurich Financial Services, told The Daily Telegraph: “We cannot be absolutely confident that we have done everything we can until we have completed the investigation.”
She added the loss of the data was “unacceptable” and that Zurich took full responsibility.
“So far we have no evidence that our customers’ data has been accessed or compromised in any way. We are apologizing unreservedly for this situation,” she said.
“At this time, our first and foremost concern is our customers and we are doing all we can to support and assist them in these circumstances and have put in place a dedicated response team to help support them.”
Zurich has four million general insurance customers and two million life insurance customers in the UK, but it said only 51,000 individuals and small businesses had been affected by the security breach.
Clare Francis, editor of moneysupermarket.com said: "Unfortunately as far as consumers are concerned, there is little they can do themselves to prevent mistakes such as this from happening.
"If you start receiving calls from companies you don’t know or aren’t a customer of, it may be because your details have been compromised in which case you should contact your providers and update your security details."
Zurich said the City regulator the Financial Services Authority was made aware of the disappearance of the tape in August this year.
machcobra! - you write 'Waiting for this story to unfold'...Mmm think you might have nailed there fella'. eom
;?)
Lost hard drive could affect 70 million US military veterans
Dan Raywood
October 05 2009
The National Archives and Records Administration (NARA) are investigating a potential data breach involving a lost hard drive that could affect 70 million records of US military veterans.
A report by Wired claimed that a defective hard drive that powered eVetRecs, the system veterans use to request copies of their health records and discharge papers, was sent by an agency back to its vendor for repair and recycling without first destroying the data.
When the drive failed in November of last year, the agency returned the drive to GMRI, the contractor that sold it to them for repair. GMRI determined it could not be fixed, and ultimately passed it to another firm to be recycled.
However, the NARA said that the lost drive is not a problem because its contractors signed privacy promises in their contracts, though the agency has since changed its policy to require that sensitive media be destroyed by NARA itself.
Writing on the IDtheftsecurity.com blog, consultant Robert Siciliano claimed that the hard drive should have never left the facility and should have been destroyed.
Siciliano said: “A $2,000 hard drive with millions of social security numbers is worth millions, maybe billions of dollars if it gets into the hands of a criminal. The ‘loss' of data like this can cost a government agency or corporation millions to respond to the breach. The Pentagon requires that old or defective drives be de-magnified or destroyed.
“With this data, a thief can open a new account such as a credit card and have the card sent to a different address. This is true identity theft. New account fraud destroys the victim's credit and is a mess to clean up.
“Government intervention to protect you from new account fraud is probably not going to happen any time soon, if ever. The responsibility is the citizens to protect themselves.”
I think it is more than reasonable now to see the Wavx m/price flesh out a little, what with all these various rumbles around. Imho
This release might just move the m/makers out of yawn mode? eom
I suppose when one's looking at the overall position! - The market seems to have set out our Wavx rocket platform? at around the 85cent mark- presumably awaiting detonation on any signed contracts news.
Just'a wondering! eom
No Mig relax!- Just saying that all these billion dollar co's we're apparently rubbing shoulders with, that without Wave's tech, none of these latest developments would have a hope of providing the sort of security Obama's banging on about. Eom
Hey Guy's! - There's only one real organ grinder here - the rest are just singing along! Although I do notice that Citigroup appear to be having a nice day? eom
Snackman!- will this government initiative breakthrough now hit some of your tv airwaves do you think? eom
I find myself now back in the green after trading in the fairly recent up & down cents scenarios. eom
As yet! - Just a stifled yawn from the street? Eom
Remember guy's! - Regarding questions tonight, that SKS is more than aware of our topics on this board,'cus when I used to record Ihub hits - wave systems looked in here - around 12 times per wk. eom
Credit card breaches reported at two companies with over half a million users possibly affected
Dan Raywood
July 27, 2009
Over half a million credit card details may have been compromised following a security breach at more than 4,000 ecommerce websites.
Network Solutions, which hosts the websites, announced that it had found malicious code on servers supporting some of its customers' online stores. Between 12th March and 8th June 2009, details of approximately 573,928 cardholders appeared to have been captured by malware that could have been used to transfer confidential card information.
In a statement on its website, Network Solutions claimed that in the ordinary course of business it identified unauthorised code on servers supporting some of its ecommerce merchants' websites.
The company said: “We promptly removed this code, and all of our ecommerce servers are functioning properly. No servers supporting networksolutions.com were affected.
“At this point, we have no reports or other reasons to believe that any credit card account information has been misused and, under established practice, credit card issuing companies generally will not hold our merchants' customers liable for any fraudulent purchases made using their credit card account numbers that are reported in a timely way to the issuer.
“Our customers' ability to rely on the safety of our solutions is our highest priority. We are deeply sorry for any concern or inconvenience this may cause our merchants or their customers.”
It claimed that it is working with a credit reporting agency to contact its merchants' customers whose data may have been affected, and provide services that will help potentially affected US-based customers protect their information.
Graham Cluley, senior technology consultant at Sophos, said: “This obviously has the potential to be a public relations disaster for Network Solutions - not only for the people who have had their credit card information stolen, but also for the merchants (many of whom will be small businesses) who are bound under various state statutes to inform their US customers when the security of their personal information has been compromised.
“Network Solutions, however, is smart enough to know that it needs to work quickly in situations like this to make the best out of a bad situation. For instance, it makes some play out of the fact that it has engaged with social media sites and bloggers to spread information and advice about the crisis, and how affected individuals and businesses should respond.”
Another breach was also reported by the Japanese arm of global insurer Alico with the credit card data of approximately 110,000 customers affected. Of those affected, more than 1,000 customers have seen fraudulent charges on their credit cards, and the credit card companies alerted Alico to the alleged theft.
A spokesperson for Alico said that the company has yet to determine how the data could have been leaked.
Steve Moyle, founder and CTO at Secerno, said: “This breach brings to mind RBS WorldPay and Heartland, in which customers saw fraudulent charges on their credit card bills before the companies realised they had been breached.
“In this type of situation, Alico is left playing 'catch up' without the ability to stop additional damage to its customers, because their data has already been compromised. We hope that the company and all in the industry use this as a lesson as to the importance of knowing the location and status of their data at all times because it will always be an attractive target.”
http://www.scmagazineuk.com/Credit-card-breaches-reported-at-two-companies-with-over-half-a-million-users-possibly-affected/article/140621/