That I do not know.
When Microsoft introduced Windows® 7 — its most cutting edge OS to date — the company also ushered in a new version of BitLocker, the industry's most advanced software-based full-disk encryption (FDE) solution.
BitLocker outperforms add-on, third-party FDE software solutions in two ways. First, it takes advantage of the Trusted Platform Module (TPM) — a security chip embedded in virtually all PCs available today — for strong key protection and system integrity verification. Second, its tight integration with Windows 7, Ultimate and Enterprise editions, puts less strain on a computer's operating resources than third-party software solutions.
In addition, because Microsoft BitLocker eliminates the need to purchase and deploy additional FDE client software, it offers a good entry point for cost-conscious enterprises looking to secure network endpoints.
Yet, despite all these benefits, BitLocker lacks one vital feature: an intuitive, centralized management platform to activate, manage and monitor BitLocker clients across the enterprise.
Organizations that wish to leverage Windows 7 FDE features on a broad scale need to write and maintain their own custom scripts. This costs both time and money and could explain why less than 5% of BitLocker-capable clients actually use the software today.
http://www.wave.com/products/WaveBitLockerManager.asp
Hacked journalist reminds us security is people plus process
TPM mentioned below
Summary: Poor processes combined with people who aren't trained in security are more dangerous than most technical vulnerabilities.
By Mary Branscombe for 500 words into the future | August 9, 2012 -- 11:53 GMT (04:53 PDT)
When Wired journalist Mat Honan realised his Twitter, Amazon and iCloud accounts had been hacked, he initially thought someone had brute-forced his seven-character, alphanumeric password.
That's not impossible — GPU computing in the cloud makes cracking passwords much easier. If you care about an account, your password needs at least 12 characters. That can be two or more common words together rather than a single Brobdingnagian word.
But what allowed a hacker who just wanted a cool Twitter handle to get so much access to Honan's accounts were failures in the security processes at both Amazon and Apple, and good old human error. Forget zero-day vulnerabilities and buffer overruns and heap-spraying attacks. If you forget that security has to be a combination of people, process and technology, then someone is going to get hacked.
Technology as secure as the Enigma machine isn't enough if people and processes are insecure
I'm not quite sure why Amazon ever allowed customers to add a credit-card number to their account over the phone — some oddity of the US banking system, because it's easier than typing it in on a phone screen? But allowing someone to add a security credential to their account and then use it almost immediately is clearly a bad idea.
It's something that many credit-card and banking-fraud systems look for, actually. You could force a waiting period between entering and using a new credential, or insist on out-of-band confirmation — such as the emails you get when you set up new accounts with many websites — or you could stop someone adding a new security credential without confirming an existing security credential.
The problem here is that Amazon was conflating a service — adding a new way to pay — with a security check — using a credit card number to reset an account. It amounted to a process failure it's since fixed, compounded by Apple using just the last four digits of a credit card for a password reset. Presumably, Apple employees weren't asking for the other security features such as the expiry date and security code because they weren't being used for a purchase, and there's some dispute as to whether that was official policy or not. If it was, that's a process failure. If not, it's people failure.
Security experts sometimes joke that two-factor authentication stands for, "Something you've lost and something you've forgotten" — a physical object that you can prove is in your possession as well as a password you can memorise. In this case it was, "Something you can find out and then pretend to remember".
But we do forget passwords and lose or break physical items such as keycards and tokens. Having a live human being as the last resort for regaining access to your account is a good thing, but you have to make it an annoying process for legitimate users to avoid making it easier for hackers to get around.
Social engineering means getting someone to break the rules. Having good rules and training people to understand why they're important is the best protection.
My bank gets some of that right and some of it wrong. For example, I have to type in a code it texts to my phone to set up a new standing order. That's good two-factor authentication. But I recently lost access to my business bank account because the banking site told me I'd changed computers, which I hadn't, or IP address, which I hadn't either.
What I had done was swap back to the Windows 7 image I took before installing Windows 8 CP so I could upgrade to Windows 8 RP, deleting or replacing whatever cookie the bank had used last to identify my computer — often this is a randomly-generated number. I was confronted by a set of security questions that should have unlocked my account. But my account was set up before those security questions were added to the system and my answers didn't work.
When I phoned the bank, the security procedure involved asking me a lot of other questions. Not just my name, address, date of birth and company name, but when I opened the account, who else could operate it, full security details from the account credit card plus details of the balance and recent transactions that you wouldn't know unless you'd already hacked me.
That's a good process and a lot more secure than security questions you can find the answer to on Facebook. One US bank warns you to pick answers that no-one else can give and then asks for the name of your first boyfriend or girlfriend. At least one other person on the planet knows that even if you haven't told the world on a social network.
I couldn't answer all the questions straightaway. We stayed on the phone for half an hour running through alternative but equally secure questions before I'd proved my identity enough for the bank to reset the security-question prompt. That's people applying the process well. No, they didn't reset my password. They just let me set up new security questions but answering them didn't get me into my account. I still needed both my password and passcode to log in.
All this is a crutch for dealing with the broken system of passwords that's going to keep letting us down. A much better idea would be to use something harder to copy, find online, crack and lose.
It's not perfect, but using the trusted-platform model (TPM) that's in many modern PCs would be a good start. Windows 8 PCs will have TPMs in far more systems. Firmware TPMs are built into Windows RT tablets and SoC devices running Windows 8 and even consumer PCs will start to include them because Windows 8 uses the TPM to help guard against rootkits that mess with the operating system directly.
You can use a TPM as a virtual smartcard in Windows 8, so you could tie important accounts to the hardware of your PC — which wouldn't change if you upgraded your OS or logged in from a different network.
Lose, break or replace your PC? The recovery system can use a mobile phone for secondary authentication — something you're less likely to lose control of than an email address — and fall back to a call centre, with well-trained people following a good security pro
http://www.zdnet.com/hacked-journalist-reminds-us-security-is-people-plus-process-7000002347/
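The controls the article lists (a waiting period before a newly added credential can be used, out-of-band confirmation, and no new credential without confirming an existing one), as an added example that is not part of the quoted article or of this post. The 72-hour window, the function names and the sample card values are assumptions constructed for illustration; `enforce=False` models the process the article criticises.

```python
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta

COOLING_OFF = timedelta(hours=72)  # assumed value; the article names no duration


@dataclass
class Credential:
    value: str
    added_at: datetime
    confirmed_oob: bool = False  # set once the owner answers an out-of-band message


@dataclass
class Account:
    owner: str
    credentials: list = field(default_factory=list)


def _find(account, presented):
    """Constant-time lookup of a presented credential on the account."""
    for cred in account.credentials:
        if hmac.compare_digest(cred.value.encode(), presented.encode()):
            return cred
    return None


def is_trusted(cred, now):
    """A credential counts for security decisions once aged or confirmed."""
    return cred.confirmed_oob or now - cred.added_at >= COOLING_OFF


def add_credential(account, new_value, now, proof=None, enforce=True):
    """Service action: attach a new payment card to the account."""
    if enforce and account.credentials:
        existing = _find(account, proof or "")
        if existing is None or not is_trusted(existing, now):
            return "deny: confirm an existing credential first"
    account.credentials.append(Credential(new_value, now))
    return "added"


def recover_account(account, presented, now, enforce=True):
    """Security check: decide whether a presented credential unlocks a reset."""
    cred = _find(account, presented)
    if cred is None:
        return "deny: unknown credential"
    if enforce and not is_trusted(cred, now):
        return "deny: credential too new and unconfirmed"
    return "allow"


def confirm_out_of_band(account, value):
    """Called when the owner approves the new credential via a separate channel."""
    cred = _find(account, value)
    if cred is not None:
        cred.confirmed_oob = True
    return cred is not None


if __name__ == "__main__":
    t0 = datetime(2012, 8, 1)                 # constructed sample timeline
    acct = Account("owner")
    add_credential(acct, "card-A", t0)        # set up at account creation
    t1 = t0 + timedelta(days=30)
    # Conflated process: a caller adds a card and resets with it minutes later.
    print(add_credential(acct, "card-B", t1, enforce=False))
    print(recover_account(acct, "card-B", t1 + timedelta(minutes=10), enforce=False))
    # Separated process: the same recovery attempt is refused.
    print(recover_account(acct, "card-B", t1 + timedelta(minutes=10)))
```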
I think it also depends on what Stevie has to say, don't you?
8.5 would be good but I think 10+ would be a better target IMHO
Cheers
Ski
What I meant to say is, are we maximizing the contracts we have now? Seeing that we have no minimum or maximums on the contracts we have. That's all.
Did I not say IMHO?
Getting more contracts is not the problem, servicing the ones they have is.
If they just did a half way job on the ones they have, they'd hit the ball out of the park on financials.
Also, I know you need people to build the business but they seriously need to trim expenses to go cash positive.
If you need people to build the business, build a commission or incentive clause into their contract.
Imagine that, sign a contract, get paid, do it again. IMHO
Everyone's nervous about the quarterly financials I suspect.
Securing Data on a Moving Target: Self-Encrypting Drives Deliver Top Security, Performance and Manageability
August 3rd, 2012 by Guest Editorial
Today’s increasingly mobile work force has moved more and more end-users, devices, computing applications and highly sensitive data beyond the safety of the enterprise firewall. As the number of laptops multiplies across the enterprise, the prospect of a security breach through a lost or stolen device shifts from a speculative risk to a virtual inevitability. Such breaches can now be measured in dollar signs, as underscored by a 2009 study by the Ponemon Institute, which estimated a lost or stolen laptop can cost an enterprise $200 for every customer record stored on the device. Much of these costs derive from penalties imposed by “Notice of Breach” laws adopted by 46 states, the District of Columbia and throughout Europe with the European Union Data Protection Directive and the Data Protection Act in the U.K. Such laws often require a company to publicly report security breaches unless it can guarantee the data is safe and unable to be misused by unauthorized persons.
Consequently, most corporate IT managers now agree that full-disk encryption (FDE) isn’t merely critical to securing sensitive data, it is pivotal to their organizations’ financial well-being. This has fueled a host of third-party FDE software solutions that encrypt all data stored on a disk drive, including bootable operating system partitions. Yet, while software FDE solutions are a step in the right direction, they have their shortcomings. They do not, for example, encrypt the master boot record, and thus leave data to attacks targeting a laptop’s operating system. Also, like any add-on application, software FDE draws on a PC’s memory and processing resources, leading to degradation of overall system performance.
The limitations of software solutions have led more and more IT managers to favor the superior FDE provided by self-encrypting drives (SEDs). An SED is like any standard hard drive, with one key difference: It embeds encryption into the drive itself. Thus, data is protected the moment it is written to the drive.
Seagate introduced the first laptop hard drive with built-in encryption in 2007. Since then, the Trusted Computing Group (TCG) has defined an SED standard called Opal that has since paved the way for a wide range of Opal-based SEDs from leading hard drive manufacturers like Seagate and Hitachi, flash vendors like Micron and Samsung and external drive providers like CMS. PC vendors like Dell, HP and Lenovo offer these SEDs on a variety of systems, for little to no additional cost. Gartner estimates that in five years all drives will be hardware encrypted.
How Do SEDs Work?
How SEDs work is simple: Comprising a closed and independent architecture, they include their own processor, memory and RAM, and impose very strict limits on the code that can run within their architecture. Encryption and decryption of data occurs in the drive controller itself, rather than relying on the PC’s host CPU.
Every SED reserves a small block of internal memory isolated from the rest of the drive. These “protected partitions” securely house encryption keys and user access credentials. Once the drive is unlocked, data will flow normally in and out of the drive. If you are an authorized user, you can access the data. If you are not, the drive will not grant access and the data cannot be obtained by any other means, such as traditional software-based attacks via malware and rootkits. All data on the drive is encrypted, all the time.
Since the encryption key is created onboard the drive during manufacture and never leaves the drive’s protected hardware boundary, it is impossible to steal and it is immune to traditional software attacks. No software – malicious or otherwise – can run on the machine until the drive is unlocked and the OS is booted.
The “baked in” encryption of data also provides logistical and cost of ownership benefits over software solutions. Because encryption keys never leave the hard drive, there is no need for IT staff to spend time or money managing keys, or building key escrow and backup programs. Plus, SEDs do not draw on a machine’s memory or processing resources, thus avoiding the marked degradation that software solutions often impose on system performance. A study by Trusted Strategies LLC showed a commercially available SED performed as well as a standard drive and handled large-file operations nearly twice as fast as three drives equipped with active software-based encryption tools.
SED Deployment
SEDs are also supremely easy to deploy. In the study cited earlier by Trusted Strategies, software encryption tools took anywhere from 3½ to 24 hours to fully encrypt a hard drive. In contrast, a corporate IT department can phase SEDs in with the purchase of each new machine. Since the drive comes built-in and with encryption on, there is virtually no IT overhead or machine downtime required to turn on data protection.
The emergence of Cloud platforms has only facilitated the deployment and management of SEDs. Today, small- to medium-size businesses can now tap management tools once available only to large organizations with the resources to maintain on-premise solutions. Such Cloud-based solutions enable drive initialization, user management, drive locking and user recovery for all SEDs. More importantly, they provide IT with a centralized platform with which to institute SED-driven security policies, thereby ensuring stronger data security and compliance with data breach laws even if a laptop goes missing.
Although today’s workforce continues to expand beyond the corporate firewall, the fundamental goal of IT administrators remains the same: To ensure the security of all data, users, devices and applications – from the network’s central servers all the way out to every scattered end-point. Achieving this task in full compliance with Notice of Breach regulations demands a best-in-class option for centrally managed data encryption.
SEDs are the only physically self-contained FDE solution that avoids degradation of system performance, and enables remote centralized management via captive server or the Cloud. These qualities alone identify them as the best-in-class FDE solution commercially available today.
Also see - Top 10 Reasons to Buy SEDs
Discuss This Story
About the Author
Lark Allen - Executive Vice President of Business Development, Wave Systems
Mr. Allen is responsible for Wave’s business and corporate development, specifically creating strategic technology relationships and evaluating opportunities that have potential to achieve Wave’s strategic goals. Additionally, Mr. Allen oversees the development of a core set of markets and strategies related to security products, thereby furthering the company’s competitive positioning.
Mr. Allen plays an active role in a number of industry standards organizations, including the Trusted Computing Group where he is a member of the Storage Work Group, which builds upon existing TCG technologies and focuses on developing open standards around secure data storage. Mr. Allen has more than thirty years of industry IT experience with large enterprises and has held executive management positions in sales, marketing, development and consulting. Before coming to Wave, Mr. Allen worked for many years with IBM. He graduated from Brigham Young University with a BS in Physics and earned an MS in Industrial Administration from Purdue University.
http://www.storagereview.com/securing_data_on_a_moving_target_selfencrypting_drives_deliver_top_security_performance_and_manageability
Wave Announces Windows 8 Readiness
Lee, MA — February 24, 2012 — Wave Systems Corp. (NASDAQ:WAVX www.wave.com) today announced future Wave development of value-added security solutions for Windows 8. Windows 8 has innovative security features for better malware protection and takes an integrated approach to strong authentication and encryption.
“Business users and consumers are facing a host of unprecedented challenges in maintaining their security,” said Tony Mangefeste, Senior Program Manager for Microsoft Corp. “Hardware-based security is one of the best methods for ensuring platform integrity, encrypting data or mitigating malware that targets the boot path. Wave’s product expertise aligns with Microsoft on achieving our goals for security.”
Wave plans to provide Windows 8 support for its solutions that utilize hardware-based security components such as the Trusted Platform Module (TPM), Unified Extensible Firmware Interface (UEFI) and Encrypted Drives (eDrives). As part of the roadmap, Wave will develop attestation capabilities using the TPM that increase the trust level for online transactions and confirm the reliability of computer health metrics. Wave software enhances deployment scenarios for TPM-based features while extending the capabilities to previous Windows operating systems.
“Wave is honored to support Microsoft in its launch of Windows 8 by delivering some of the most innovative security solutions on the market,” said Steven Sprague, Wave’s CEO and President. “Through our technical collaborations with Microsoft, we can offer organizations a more secure infrastructure that builds on Windows 8.”
Enterprises with the earlier versions of Windows Vista or Windows 7 operating systems can also benefit from hardware-security available on the market today. Wave manages more SED seats in the enterprise than any other independent software vendor. The single largest TPM deployment in the world—with over 80,000 machines activated—is also a Wave customer.
Wave is a founding member of the Trusted Computing Group (TCG), a not-for-profit consortium committed to developing, defining and promoting open industry standards.
Weren't we arguing a while back about what involvement WAVE had in the Win 8 deployment? Seems clear to me, this could have a huge impact on revenues going forward.
OK people, listen up...
A little technical analysis for consideration.
Although the price hasn't done much lately, there is momentum building behind the scenes.
OK Ski, what are you talking about?
PPO
Ski, what the heck is PPO?
Percentage Price Oscillator.
Around about July 15th this indicator went positive. Actually, it hit bottom around May 21st, but has slowly been trending up since then.
So what does this mean? Well, good question. Here is one definition of PPO;
Standard PPO is based on the 12-day Exponential Moving Average (EMA) and the 26-day EMA, but these parameters can be changed according to investor or trader preferences. Closing prices are used to calculate the moving averages so PPO signals should be measured against closing prices. A 9-day EMA of PPO is plotted as a signal line to identify upturns and downturns in the indicator.
As with MACD, the PPO reflects the convergence and divergence of two moving averages. PPO is positive when the shorter moving average is above the longer moving average. The indicator moves further into positive territory as the shorter moving average distances itself from the longer moving average. This reflects strong upside momentum
Pull up your charts and put in the PPO (12,26,9) and see what I see.
A change is happening quietly behind the scenes. Food for thought...
With a consensus analyst price target of $1.76, based upon a current price of 64 cents, the potential upside is 175%.
The first major resistance point is 81 cents (the 50 day moving average), the next major resistance is $1.75 the 200 day MA.
Speaking of Dell loading all their business laptops with wave suite software. Anyone here know what other companies like Dell do the same?
Looks like someone dropped 20-30k at the end of the day at market. Too bad I was on the road driving to Boise, would have loved to buy those shares from you.
Next time, just let us know you're going to do that ahead of time and I'll bet there will be plenty of takers on this board. IMHO
Have a good day!
Ski
Did you know....
That, Wave's flagship software offering, EMBASSY® Trust Suite, comes installed on every business-class laptop computer shipping from Dell.
http://www.ia.nato.int/events/symposium/sponsors-silver
I guess I was not aware of that, until now.
Interesting they are a Silver Sponsor at this NATO Symposium.
Just the people (in attendance) you want to talk to now that you are a NATO approved vendor.
Dabears4, thanks for connecting a few more dots...
Ok, let's connect some dots. Got the technology, check. Got the suppliers lined up, Dell, HP, Lenovo, others, check. Prove the technology is superior to anything on the market, check. Sign the U.S. government, NATO, check. What's next...the world!
None taken, so do you think they announce every contract or deal they make? What if the customer says no announcement please?
Barge, Look at it a different way..
Your statement "I'm damn sick and tired of this "radar" approach!"
Did you ever ask yourself why they are keeping things under the radar?
Because we are talking about security here, most customers don't want WAVE to make any announcement that they have signed an agreement.
I know it sucks for us because there are all sorts of things and agreements happening behind the scenes that we will never know about. But that's business.
The only way we find out is through the numbers.
Hold your shares, you will be rewarded!
Barge, what say you? You've been quiet lately.
Kis, have you bought any shares at this level? Be truthful.
I think the SP is at a level where there is a big risk for the company being scooped up by a larger company. You say, "why would someone want WAVE"? Well for one thing, if Microsoft, Samsung or Dell or any other large company wanted this company's technology for their own use, they wouldn't care what other companies thought would they?
Have a great day!
Ski
Title, have you been to the Scrambls website lately? There is a plugin for IE on the front page.
jwcc, wow, your message sounded like you were putting a grave stone marker on the company burial plot. And, that, there is no way WAVE could recover from your prediction.
I know I am a relative newcomer here and don't have the history you and others on this board have. But, let me ask you a few questions;
Was there the Trusted Computing Group when you first bought in? No
Did Wave have all the business elements it has today, back then? No
Did they have Bitlocker, Safend Data Protection, or Esign systems in the beginning? No, things change, evolve...
With signing of Samsung and the US Military, they are doing something right. As you say, execution is the key. If the trials with the Military and Aerospace company succeed, it could be huge for the company.
To make the statement SKS is a failure is a bit harsh. Is he paid more than he's worth is subjective. Has WAVE made some mistakes, doesn't every business?
If they can leverage what they've got going now and hit on 6 of 8 cylinders now, they could still drive this thing home. Yes, I am an optimist, I also know that the cyber threat is real and businesses are not so quick to change with what they know.
Answer me this, why do you think Cisco joined the TCG? Maybe the group is on to something.
I'm just saying there may be other points of view, don't count WAVE out yet.
Cheers,
Ski
Thanks player for the info, learning all the time.
FORM 8-K
CURRENT REPORT
Pursuant to Section 13 or 15(d) of the
Securities Exchange Act of 1934
Date of report (Date of earliest event reported) July 13, 2012
WAVE SYSTEMS CORP.
(Exact Name of Registrant as Specified in Charter)
DELAWARE (State or Other Jurisdiction of Incorporation)
0-24752 (Commission File Number)
13-3477246 (IRS Employer Identification No.)
480 Pleasant Street, Lee, Massachusetts 01238
(Address of Principal Executive Offices) (ZIP Code)
Registrant's telephone number, including area code (413) 243-1600
Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions (see General Instruction A.2. below):
[ ] Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)
[ ] Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)
[ ] Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b))
[ ] Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))
Item 3.01. Notice of Delisting or Failure to Satisfy a Continued Listing Rule or Standard; Transfer of Listing.
On July 13, 2012, Wave Systems Corp. (the "Company") received notification from the Listing Qualifications Department of The Nasdaq Stock Market indicating that the Company's Class A Common stock is subject to potential delisting from The Nasdaq Capital Market because for a period of 30 consecutive business days, the bid price of the Company's Class A common stock has closed below the minimum $1.00 per share requirement for continued inclusion under Nasdaq Marketplace Rule 5550(a)(2) (the "Bid Price Rule").
The Nasdaq notice indicated that, in accordance with Nasdaq Marketplace Rule 5810(c)(3)(A), the Company will be provided 180 calendar days, or until January 10, 2013, to regain compliance. If, at anytime before January 10, 2013, the bid price of the Company's Class A Common stock closes at $1.00 per share or more for a minimum of 10 consecutive business days, Nasdaq staff will provide written notification that it has achieved compliance with the Bid Price Rule.
If the Company fails to regain compliance with the Bid Price Rule before January 10, 2013 but meets all of the other applicable standards for initial listing on the Nasdaq Capital Market with the exception of the minimum bid price, then the Company
SIGNATURES
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, hereunto duly authorized.
WAVE SYSTEMS CORP.
By: /s/ Gerard T. Feeney Gerard T. Feeney
Chief Financial Officer
Dated: July 13, 2012
Interesting, I thought you were automatically delisted but apparently things have changed at Nasdaq. Should be plenty of time to regain compliance. At least they have some breathing time.
Great idea, anyone from WAVE, have anything good to say? We're waiting!
In good audience I see, this business is all about connections. In the end, if SKS can connect with the people on the panel presented, this business can rocket to the moon.
I know, I know, some of you are lamenting that they have pissed everyone in Tech land off, but if that were completely true, they would not be in business now.
They would not have an agreement with the military, or Samsung, or HP, or Dell nor a relationship with MS.
Give em a break, there must be something you can find good about their business. So much negativity....
My mother always said "if you don't have anything good to say..."
IMHO
Ski
Whole new list of trade shows they're presenting at or attending posted on the website:
http://www.wave.com/news/tradeshows.asp
The 4th Annual REFUEL Clean Power Motorsports Event held on Sunday, July 1, 2012 at Mazda Raceway Laguna Seca exceeded all expectations and signaled once again the fast-arriving future of electric transportation and competitive electric motorsports. The explosive growth of the production electric car market yielded a larger than ever field of participants in Tesla Roadsters, Nissan Leafs, BMW ActiveEs and CODA 1.0s plus a small fleet of high-performing, factory fresh Model S sedans from Tesla Motors.
KleenSpeed's WX-11 returned to smash their previous year's track record with a 1:32.046 and we were joined for the first time by Ikuo Hanawa in his Pike's Peak-dominating Summit HER-02. The Brammo Empulse TTXGP bike made a return appearance as did a large number of stock and prototype bikes from Zero Motorcycles in addition to some home-grown experimentals, conversions and even some electric karts.
Speed Ventures, the organizers of this event in conjunction with the County of Monterey, wish to thank all participants, partners, crew and spectators for continuing to support this effort to bring the technology of tomorrow to the race track today.
http://www.refuelraces.com/
OK OK, I know not everyone is crazy about Wave spending money on sponsorships, but as I suspected we here really didn't have the facts for doing so. Take a look at the link provided and you will see the Kleenspeed car with "scrambls" decals all over the car.
I spoke with the "scrambls" guy in charge yesterday about investor concern money not being well spent on this event. He assured me that WAVE did not pay the going rate for sponsorship listed on their website and only a modest amount of money was spent, (Must be from prior connections) and that the "scrambls" staff have a frugal budget and are trying to get the word out about scrambls. Also, trying to get the most bang for the buck.
With that being said, they have made arrangements to have the Kleenspeed car at future trade-shows again with the scrambls decals blazing. At trade shows, you need something that draws people in and they believe this car would do that.
Cheers,
Ski
Title wave, it's information, what you do with it is up to you. Everyone already knows Wave and Microsoft have a relationship. I don't think that is hearsay, do you?
Microsoft Windows 8 support for TPM
After six years of pumping TPMs into the market, hardware-based security may finally become a practical option for the enterprise, in large part due to TCG founder member, Microsoft.
When they were first introduced to computing devices as part of the manufacturing process, TPMs were included as part of the standards associated with Microsoft's Windows Vista operating system.
The use of TPMs was expanded in Windows 7 to form an important part of the Microsoft Bitlocker strategy for data encryption, in which they were used to store the encryption keys.
In 2012, however, Microsoft plans to release Windows 8, which will see the biggest role for TPM in the operating system to date.
At the RSA Conference in San Francisco in February, Scott Charney, corporate vice-president of trustworthy computing at Microsoft, highlighted some of the security milestones of Windows.
One of the most important features of Windows 8, he said, will be remote attestation by trusted third parties, which is supported by the computer's TPM.
Remote attestation could, for example, enable a trusted third party to know if a computer has booted correctly and that there was nothing inappropriate or malicious in the process.
One of the most important security features of Windows 8, he said, will be support for the hardened UEFI BIOS standard, a trusted boot mechanism, provided in part by the computer's TPM.
In secure boot, the BIOS of a computer is measured. As part of the TPM, those measurements can then be reported through remote attestation, either to service providers or to the enterprise network, to certify that the BIOS of the computer has not been changed by malware since the last time the computer was on the network.
Another key security feature of Windows 8 is continued support for TPM as a part of MS Bitlocker and as part of the new operating system's support for the TCG's Opal standards for self-encrypting hard drives (SEDs) – or eDrives, as Microsoft calls them – to achieve what is termed "pervasive encryption".
While there has been third-party support for SEDs on Windows XP, Vista and Windows 7, Windows 8 will provide native support for SEDs as part of the operating system.
This means Windows 8 will have built-in encryption key management capability for SEDs, which reduces the impact of encryption on system performance by offloading encryption processing to hardware instead of using software-based encryption.
This is an excerpt from an article I posted earlier titled "2012: Will this be the year TPM finally comes of age?"
Warwick Ashford Tuesday 12 June 2012 06:26 posted @ http://www.computerweekly.com/news/2240157874/Analysis-2012-Will-this-be-the-year-TPM-finally-comes-of-age#MicrosoftWindows8supportforTPM
According to the WAVE employee I spoke with earlier at the time this was posted, he indicated WAVE was very involved with much of what is talked about above. IMHO the 3rd party mentioned above is WAVE.
So Barge, I believe you are correct.
Cheers,
Ski
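As an added illustration (not part of the post or the quoted article): a minimal sketch of the measured-boot and remote-attestation flow the article describes, where each boot component is hashed into a TPM register and a verifier compares the reported value with a known-good one. The component names, the key, and the HMAC standing in for the TPM's signed quote are assumptions made for the example.

```python
import hashlib
import hmac

PCR_LEN = 32  # SHA-256 PCR bank


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def replay(boot_log) -> bytes:
    """Fold an ordered list of (name, image bytes) into one PCR value."""
    pcr = bytes(PCR_LEN)  # a PCR is all zeros after reset
    for _, image in boot_log:
        pcr = extend(pcr, image)
    return pcr


def make_quote(key: bytes, pcr: bytes, nonce: bytes) -> bytes:
    # Assumption: HMAC stands in for the TPM's asymmetric quote signature.
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()


def client_attest(key: bytes, boot_log, nonce: bytes):
    """Client side: report the PCR for this boot plus a quote over it."""
    pcr = replay(boot_log)
    return pcr, make_quote(key, pcr, nonce)


def verify(key: bytes, golden_log, pcr: bytes, nonce: bytes, quote: bytes) -> str:
    """Verifier side: authenticate the quote, then compare to known-good."""
    if not hmac.compare_digest(make_quote(key, pcr, nonce), quote):
        return "bad-quote"          # forged, replayed, or wrong nonce
    if not hmac.compare_digest(pcr, replay(golden_log)):
        return "firmware-changed"   # authentic report of an unexpected boot
    return "trusted"


# Constructed sample data (not real firmware images or keys).
KEY = b"demo-attestation-key-0123456789a"
GOLDEN_LOG = [("firmware", b"UEFI v1.0"), ("bootloader", b"bootmgr v8")]
TAMPERED_LOG = [("firmware", b"UEFI v1.0 + implant"), ("bootloader", b"bootmgr v8")]

if __name__ == "__main__":
    import os
    nonce = os.urandom(16)  # fresh per challenge so old quotes cannot be replayed
    for label, log in (("clean", GOLDEN_LOG), ("tampered", TAMPERED_LOG)):
        pcr, quote = client_attest(KEY, log, nonce)
        print(label, verify(KEY, GOLDEN_LOG, pcr, nonce, quote))
```

Because extend chains each hash into the previous value, a change to any component, or to the order of components, yields a different final register value that cannot be steered back to the known-good one.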
Whoa Whoa Ro Ro, I would say you are jumping to a lot of conclusions or should I say endpoints...
I would agree spending Wave's war chest (what little they have) on some frivolous sponsorship, does not seem right. But we shareholders see things from a narrow point of view, and do not always see the big picture. Like you said, they have little debt.
As I said before, I feel your pain with the current share price. But don't yell "fire" before you know "all" the facts.
It's easy to say this or that company is going bankrupt tomorrow but history shows otherwise...thus far.
Do automatic OS X security updates signal a sea change at Apple?
Experts say the move is positive, but it remains unclear if Apple has really changed its often criticized stance on security
June 26, 2012 — CSO — Perhaps Apple was hoping nobody would notice the somewhat subtle changes in the language on its "Why you'll love a Mac" webpage. After all, "It doesn't get PC viruses" and "It's built to be safe" are both reassuring messages. Not all that much difference between "Safeguard your data. By doing nothing," and "Safety. Built right in," right?
Wrong. Security experts, starting with Graham Cluley of Sophos, noticed it, broadcast it and pronounced it a very big deal. Writing on Sophos' Naked Security blog, Cluley pointed out the changes and surmised that since "one particular piece of Mac malware [the Flashback botnet] had infected 600,000 Macs worldwide, including 274 in Cupertino," the claim that Macs don't get viruses, PC or otherwise, was seriously compromised.
"People in glass houses shouldn't throw stones," Cluley wrote, adding that the tweaking of the wording, along with the company mentioning malware at a WWDC keynote address, amounted to "some important baby steps" in acknowledging that Mac malware is a reality and that Apple customers must do more than "nothing" to keep their machines safe.
Preston Gralla noted at Computerworld: "That marketing change may not strike you as substantial, but coming from Apple, it's a big deal. Apple has long denied any security problems with the Mac, detailed evidence to the contrary."
Other Apple critics gleefully piled on. Mihaita Bamburic, writing at BetaNews, said what he and others have been saying for years: The only reason Macs have been "safer" is because they are not as large a target.
"The Apple world, due to their irrelevance on the market -- around 10% PC share in the United States, less than 5% worldwide, according to Gartner and IDC -- hasn't gotten much attention from the bad guys," Bamburic wrote, and then mocked the language change. "What does Apple do in light of all this? No apologies, as it's too embarrassing. They quietly (like running through a room full of people thinking no one's going to notice) change their security motto."
But once the "we-told-you-so" chorus subsides, the more relevant question for millions of users is whether this "quiet" change in terminology signals a change in action. Is Apple going to take security more seriously?
Based on breaking news about Apple's newest OS X, Mountain Lion, and other recent events, the answer seems to be a qualified "yes." MacRumors reported Monday that the new system will have significant security improvements that follow Microsoft's lead: It will check for security updates daily instead of weekly, and will install them automatically.
Gregg Keizer reported at Computerworld: "Apple also said it beefed up the security of the connections between customers' Macs and its update servers, hinting at the same kind of improvement in encryption that Microsoft made this month after Flame, an advanced super-spy kit, was found to fake Windows Update downloads."
But, of course, that still leaves millions of Mac users -- the ones who will not be running Mountain Lion -- to install updates themselves, after they're notified.
Edy Almer, vice president at security software vendor Wave Systems, said he thinks the debate over PC vs. Mac security "misses the larger point: There are many security actions from both sides that have greatly improved the security posture of their respective [OSes.]"
Almer cites Apple's tight control of iTunes applications and adds: "The introduction of an app store proved immensely helpful in mitigating the risk of infection from malware. Microsoft mimicked this with its Win8RT model -- a much stricter lockdown of what can be installed and controlled through the app store."
And he notes that Apple has followed Microsoft's lead in the past as well: "The native FDE offering of BitLocker was later imitated with the introduction of FileVault2 in OS X Lion," he said, but adds that those improvements simply make the need more obvious for independent security software.
On another front, Brian Krebs, a former Washington Post reporter and author of the blog Krebs on Security, has criticized Apple for years for taking far too long to fix known security holes. In a 2009 blog at the Post, he reported, "I have reviewed the last three Java updates that Apple shipped during the past 18 months, and found that Apple patched Java flaws on average about 166 days after Sun (Microsystems) had shipped its own patch to fix the same vulnerabilities."
But in a post earlier this month, Krebs was more complimentary, noting that Apple had shipped a software update for Java on the same day as Oracle, the official producer of Java -- a vast improvement from, "consistently [lagging] months behind Oracle in fixing security bugs."
"It seems that Apple learned a thing or two from that [the Flashback] incident," Krebs wrote.
However, Krebs told CSO that while he suspects Apple wishes it had moved more quickly with the earlier Java patches, "it remains unclear how or if this incident has caused the company to take other such risks more seriously, or if indeed it has served to make Apple's attitudes toward security any less opaque."
Blake Turrentine, of HotWAN and a trainer for Black Hat, said he hasn't seen a shift. He said he has a difficult time finding antivirus products in Apple stores. "When I talk to one of those folks in the blue shirts, I ask them where's the antivirus software," he said. "Their 'programmed' answer is that Macs don't get viruses, they may get malware. Often they tell me they've been running without antivirus on their own personal systems for years and never had a problem."
"I guess ignorance is bliss when you're an unsuspecting player in a botnet," Turrentine said. "Forget that your shiny new Mac is shipped from China."
http://www.csoonline.com/article/709319/do-automatic-os-x-security-updates-signal-a-sea-change-at-apple-
The tide is turning, even Apple knows it needs to make a change...
Cheers,
Ski
7 steps to social media stardom
By Jeff Vance, Network World
June 25, 2012 12:01 AM ET
Social media is taking up more and more of our time, both at home and work. Many enterprises have even started to treat social media tools as mission-critical, meaning that if you don't start mastering them, your lack of knowledge could impede your career.
However, since social media is so new, there really aren't established best practices built around it. It's hard to determine what works and what doesn't, and it's easy to be blind to social media risks. Here are 7 social media tips and tricks that will help you better protect your privacy, attract more followers, and increase your reach and influence.
No. 1: Value your privacy
The worst privacy offender in the social media world is Facebook, or, more accurately, the invasive apps layered on top of the poorly secured Facebook platform. In October of 2010, a Wall Street Journal investigation found that the ten most popular Facebook apps were vacuuming up contact lists and stealing people's identifying data.
This practice violated Facebook's policies, so the social-media giant responded by giving the apps what amounted to a time out. They were suspended for the weekend and reinstituted the following Monday. That pretty much describes how important privacy is to Facebook.
Even the apps that take only the data you gave them permission to take may create problems. How many times have you gone on your Facebook page and seen that a friend has "read articles about 'Kim Kardashian's 5 secrets for a firmer butt'" (Yahoo News Reader) or watched a video of "Busty girl on the beach doing a backflip" (Socialcam)?
Never allow an app to announce your personal reading habits or other personal information to the world. Future employees, prospective mates, ex-spouses, future stalkers, random weirdoes all could end up knowing things about you that you'd rather they not.
The problem here is that we have made a deal with the devil on the Internet, and we then extended and deepened that deal when we moved to social media and smartphones.
As long as people refuse to pay for things on these channels, software creators and service providers will monetize their products by using your personal information. It's a business model with an aggregate market valuation well over $100 billion.
Until enough people refuse end-user agreements that violate your privacy, the problem will continue to get worse. To start getting a sense of the scope of the problem, install PrivacyScore, a browser plug-in that ranks how well apps, websites and trackers respect your privacy. You'll be shocked.
No. 2: Protect your posts
Privacy will probably never be completely fixed on social media networks, but tools are emerging to help you regain control. One of the best is the browser extension Scrambls.
"Would you let the phone company listen into your calls in order to target you with specific telemarketing offers?" asks Steven Sprague, co-founder of Scrambls and CEO of security company Wave Systems. "Of course not, but that's pretty much what social media does every day."
Scrambls encrypts social media posts and lets users specify exactly who can see them, across all social media sites. The user can form groups from friends and family, going as broad as everyone with a Gmail account down to a specific colleague or even those who know a certain password. Everyone else (including the social media site itself) will only see a series of random numbers and symbols, keeping content private and secure.
A cool feature is the ability to put an expiration date on posts, after which time only the author can see them. No more worrying about HR seeing some stupid post from a party five years ago.
"Delete is a false choice," Sprague says. He notes that there are plenty of posts - say, from our college years - we'll want to keep, but over time make less and less public.
The main trouble with Scrambls, though, is that it won't really be useful until a tipping point of users is reached. Otherwise, people don't know why hieroglyphics are showing up on your Twitter feed. There are a few other kinks as well, but it was just released at the end of April, so it's expected to improve.
No. 3: Embrace analytics
Not too long ago, marketing analytics were something that only large companies and agencies could afford. As social media advances, though, analytic tools are available not only to SMBs, but also to individuals.
Tracking your social media output can point to simple tweaks to make you more effective. For instance, if you're tweeting from a trade show, be sure you know the exact official hashtag for the show.
Analytics can be just as important if you want to promote a story or a tweet. For example, should you tag it BYOD or mobile or mobile security or something else? For two days in late April, #BYOD was tweeted 971 times by 654 different people, generating 1.7 million impressions with a reach of 1.1 million people. Compare that to #mobilesecurity at 38 tweets, 30 contributors, 25,500 impressions, 17,600 reach, and it's clear that #mobilesecurity isn't a very good tag.
There are plenty of low-cost or free social media analytic tools out there. They may not offer the power of a Radian6, but not everyone has several hundred dollars to spend each month on a subscription. Google Analytics is a good place to start. Hashtracking.com will give you a free report with a transcript and data on 1,500 tweets (or 24 hours of tweets, whichever limit is hit first). Hashtag.org offers a free hashtag search engine, and, of course, Twitter itself offers some rudimentary analytic capabilities.
Analytics shouldn't be limited to Twitter. Other tools include PageLever, to gain insights into Facebook fan pages; SiteTrail, to keep track of your competitors' social media activities; Social Mention, to analyze key terms across platforms; and crowdbooster, which promises "a plan of action instead of just a stream of information."
No. 4: Don't be annoying
When a conference, trade show or other special event comes along, many people start tweeting like crazy. For followers, this can get to be a nuisance. If the tweets seem repetitive or irrelevant, some users may un-follow you.
The article goes on...
http://www.networkworld.com/news/2012/062512-social-media-260373.html?page=1
I disagree, they just signed Samsung who (I don't need to say) is the major player in the market and you call that bad?
No prospects... Heck. Had to cut back on hiring or let a few people go, that's management. Should have done that earlier before quarter reporting.
I think .20 - .30 is wishful thinking as is .40. But who knows.
I would have never thought wave would do 12 mil vol in a day so I know forces are much larger than you and I.
Cheers to all!
Ski
Where else would all the shares come from?
Especially, with the controlled price action.
It is not above big companies like Samsung or Microsoft to take a position in the companies they are doing business with. AND, with the ATM in the works, it makes it very easy to trade 12 million shares without moving the share price much.
If you knew Samsung took that position would that influence your trading to the upside or down? I don't know this as fact, but who else could carry this off?
Ski
Barge, what do you think about Friday's action?
Ok, with ATM and shorts out of the way, does anyone believe the share price won't move back up?
The good news is...
I know it sucks to see the stock this low in price, I feel your pain, but the last time it was at 80 cents a share. Seven months later it cleared $3.00 a share. GO WAVE :)
Ski
OBTW, now would be a good time for WAVE board members to load up on shares to show their support for us shareholders.