is presently fighting off an incurable lung cancer, think I maybe winning (mesothelioma)
HDD shortages to continue
Hard times ahead for hard drives
By INQUIRER Newsdesk
Friday, 3 July 2009, 12:47
SOURCES IN TAIWAN say the shortage of hard disc drives (HDDs) for notebooks will likely continue well into the third quarter, something which might seriously affect notebook OEMs.
DodgyTimes cites IC distributor GMI Technology and Weikeng Industrial, who work on behalf of Toshiba, Hitachi and Western Digital, saying that demand for Tosh's 250GB single-platter HDDs had shot up over the last couple of months.
Hitachi and Western Digital couldn't fill the gap because both had throttled back production until the beginning of Q2 due to weak short-term prospects.
Notebook OEMs are said to be concerned that the shortage may affect their Q3 revenues, although it's hard to predict by how much. µ
Donald! - This item maybe something to do to your theory? eom
Chinese censorship software nicked
US company claims
By Nick Farrell
Monday, 15 June 2009, 10:28
A US INSECURITY COMPANY is claiming that the controversial Internet filtering software the glorious Chinese government wants preloaded on every computer sold behind the bamboo curtain was half-inched.
Solid Oak Software of Santa Barbara told the AP that parts of its filtering software designed for parents tipped up in the code of China's "Green Dam-Youth Escort".
The company is trying to get a court injunction against the Chinese software development firm that built the 'Green Dam' software, but it admits that obtaining that could be a bit tricky.
China says that it wants to block violence and pornography. But critics say it censors many more things. Some researchers have also charged that it creates serious security vulnerabilities.
University of Michigan researchers who examined the Chinese software found the stolen code.
It was not exactly difficult. There are "blacklist" files in the Chinese source code that were obviously taken from Solid Oak's CyberSitter program. One file in the source code includes a 2004 CyberSitter news bulletin. µ
Donald - I bow to superior info, it's just that I seem to recall posts a while back relating to Wave's patents in force and from the outcome thought (most likely incorrectly) that we had patent protections. Duh! eom
DD! - I happen to know for a fact that the Chinese universities have had their eyes on Wave's tech for quite a while (at least the last 5 years), but again it's my understanding - that Wave have always duly patented all of their developments, but what safeguards that gives in this day and age I wouldn't know. eom
With the weight of buying of late, seems to me like the Jack Tars are now looking for a signed deal to be aired (whenever that might be) and help complement their second pensions. eom
1.24 @ 75k looks even more promising eom.
Encrypting data on the move is the biggest challenge
Dan Raywood
May 26 2009
The biggest challenge of data encryption is to ensure that data on the move is properly encrypted.
Andy Cordial, managing director of Origin Storage, claimed that due to the amount of portable electronic data that is being processed daily, there is a constant challenge to ensure that data is properly encrypted whilst people, and the data, are on the move.
Following comments by John Rollason from NetApp, who claimed that the quantity levels of what people are looking to store is ‘quite scary', with 80-90 terabytes being stored in some cases, Cordial said: "I agree that capacity is always an issue but the ability to encrypt a substantial amount of data in a portable solution is now a reality. Products are available in the market to ensure our government suffers no more embarrassing data leakage issues."
Cordial also claimed that it 'is now up to the government to introduce new legislation that enables innovative products to get onto an approval fast track that is not prohibitive in cost or in time'.
http://www.scmagazineuk.com/Encrypting-data-on-the-move-is-the-biggest-challenge/article/137394/
Via's security-on-a-chip to debut at Computex
Chip security
By Sylvie Barak
Friday, 22 May 2009, 19:56
LITTLE CHIP SHOP, Via says it will be showing off its integrated cryptographic security-on-a-chip technology at this year's Computex trade show in Taipei.
The CPU maker reckons it can wow punters with what its Veep of embedded technology, Daniel Wu, calls a "wholly new and more rational security infrastructure," by which we think he's referring to what are basically processor platforms with "security features embedded in their core."
Security has become a buzzword for chipmakers of late, with many of them scrambling to bung protective features into chips themselves. Via seems to have cracked it by sticking an in-built Advanced Cryptographic Engine on its Nano, C7 and Eden processors.
Via also says it will be showing off its recently announced Pico-ITXe and Em-ITX motherboard form factors as well as its IPRO VP7710 panel PC for kiosk, POI and HMI applications.
http://www.theinquirer.net/inquirer/news/1137460/via-security-chip-debut-computex
The governments really have to get to grips with this!
Blackmail fear over lost RAF data
By Richard Bilton
BBC News
The government has kept secret the loss of highly sensitive RAF vetting records, which one wing commander says leaves individuals open to blackmail.
Last September the Ministry of Defence (MoD) said data on tens of thousands of personnel were lost from RAF Innsworth in Gloucestershire.
BBC Two's Who's Watching You? show says 500 sensitive files were also lost with details of affairs, debt and drug use.
The MoD said all those affected had been told and given advice.
Security
It was said the disks the MoD admitted to losing were taken from a secure area, and included names, addresses and some bank account details.
Vetting is the process of assessing an individual for higher security clearance.
“ They'd ask you questions such as: is there anything unusual about your sex life? Have you had affairs? Used prostitutes? That sort of thing ”
Former RAF officer
An internal MoD memo - obtained by a former officer and passed to BBC Two's Who's Watching You programme - shows the lost files contained "details of criminal convictions, investigations, precise details of debt, medical conditions, drug abuse, use of prostitutes, extra-marital affairs including the names of third parties".
The e-mail - from an unnamed wing commander - says the data "provides excellent material for Foreign Intelligence Services and blackmailers".
In the memo, written three weeks after the disks were stolen, he added: "By not declaring that highly sensitive vetting information has been lost, I am concerned that we, the RAF, will be accused of attempting a cover up."
The man who obtained the memo is a former serving RAF officer. He regularly worked with top secret and highly sensitive information.
He has been through the vetting procedure and told the BBC it was a gruelling process.
'Hostile elements'
"They'd ask you questions such as: is there anything unusual about your sex life? Have you had affairs? Used prostitutes? That sort of thing. If the information got into the wrong hands then it could leave people wide open."
The MoD did admit the data loss incident but failed to announce the vetting details were lost.
The Information Commissioner's Office says it was not informed of the loss of such sensitive data. Parliament was not told about its loss either.
In a statement, the MoD said it treats all personal data seriously.
"All individuals identified as being at risk received personal one-on-one interviews to alert them to the loss of the data, to discuss potential threats and to provide them with advice on mitigating action," the statement says.
"There is no evidence to suggest that the information held on the hard drive... has been targeted by criminal or hostile elements."
Flaw found in SSH that might allow encrypted data to be accessed
SC Staff May 11, 2009
Hackers may be able to access encrypted sensitive data due to a security flaw within the network protocol SSH.
Working with two PhD students from the Information Security Group, Martin Albrecht and Gaven Watson, Professor Kenny Paterson from Royal Holloway, University of London discovered a basic design flaw which opens up the possibility of limited plaintext recovery attacks against SSH.
It was previously believed that SSH was 'regarded as impenetrable' as it aims to provide a secure channel between networked devices by encrypting and integrity-protecting data.
The team's attacks against the OpenSSH implementation of SSH exploit subtle differences in the way in which the software reacts when it encounters errors during cryptographic processing.
Professor Paterson said: “While the attacks have low success probabilities, it should be kept in mind that SSH is regarded as being a bullet-proof protocol and is widely used to protect remote logins to sensitive systems. So it's arguable that finding any chink in SSH's armour represents a significant result.
“The flaws that we found in SSH illustrate in a clear way the limitations that current theory has with respect to practice in the whole area of cryptographic protocol design. We need to develop better theory to help us study these kinds of attacks, and we need to develop better lines of communication to make sure that the theory gets translated into practice.”
Watson, who is sponsored by BT Research, said: “It is amazing to think that a short email from Kenny suggesting a paper I should take a look at, resulted in us researching exactly how SSH is implemented and ultimately led us to finding attacks against SSH.”
SSH is widely used by system administrators to allow them to securely access remote systems and to transfer sensitive data across the internet. OpenSSH is the leading SSH implementation, accounting for more than 80 per cent of SSH implementations on the internet.
Professor Paterson will present the findings at the IEEE Symposium on Security and Privacy in California, USA, on 18 May 2009.
Missile plans, banking details and NHS records found on old hard drives in investigation
Information for missile defence, banking details and NHS records have been found on old hard drives.
Dan Raywood May 07, 2009
Researchers from BT and the University of Glamorgan bought disks from the UK, America, Germany, France and Australia, according to a BBC report. The companies found that of 300 hard disks bought randomly at computer fairs and via an online auction site, 34 per cent still held personal data.
Details of test launch procedures for the Terminal High Altitude Area Defence ground-to-air missile defence system were found on a disk bought on eBay. It is designed to destroy long-range intercontinental missiles and was tested in March this year.
The missile system was designed and built by US defence group Lockheed Martin; the same computer hard disk also revealed security policies and blueprints of facilities at the group, and personal information on employees.
The BBC revealed that researchers said a disk from France included security logs from an embassy in Paris, while two disks from the UK appear to have originated from a Scottish NHS hospital trust.
The disks had information from the Monklands and Hairmyres hospitals, part of Lanarkshire NHS Trust, and revealed patient medical records, images of x-rays, medical staff shifts and sensitive and confidential staff letters.
Another disk, from a US-based consultant, formerly with a US-based weapons manufacturer, revealed account numbers and details of proposals for the $50bn currency exchange as well as details of business dealings between organisations in the US, Venezuela, Tunisia and Nigeria. Personal correspondence was also found from a member of a major European bank.
In a statement, Lanarkshire NHS Trust said: “This study refers to hard disks which were disposed of in 2006. At that time NHS Lanarkshire had a contractual agreement with an external company for the disposal of computer equipment.
“In this instance the hard drives had been subjected to a basic level of data removal by the company and had then been disposed of inappropriately. This was clearly in breach of contract and was wholly unacceptable.”
It claimed that it had carried out a review of its policies, and it now no longer uses external companies to dispose of IT equipment.
Rik Ferguson, senior security advisor at Trend Micro, said: “Remember, a standard deletion of data from a disk can be likened to simply removing the Contents and Index pages from a book, while leaving the rest of the book intact. To securely dispose of hard drives, use commercial secure deletion software or services, or more simply and cheaply, hit them several times with a large hammer.”
The results of the study will be made available in a paper appearing in the next issue of the Journal of International Commercial Law and Technology 2009.
Giesecke & Devrient Introduces New Security Solution for BlackBerry® Enterprise Server Customers
Munich/Orlando, May 6, 2009 - Giesecke & Devrient (G&D) launches an innovative security offering for users of the BlackBerry® Enterprise Solution that meets the highest requirements in IT security. G&D’s Mobile Security Card integrates with BlackBerry® Device Software 5.0, which is planned for launch later this year, and provides customers with an independent cryptographic module that authenticates users and also encrypts information sent to and from a BlackBerry® smartphone. The solution greatly increases security in everyday business life, and will be showcased for the first time at Wireless Enterprise Symposium 2009.
“Security in mobile devices is an increasingly important topic in the field of mobile communication. By developing a solution for the BlackBerry® platform, we are able to meet all the security requirements of our business customers on all levels thanks to additional encoding,” explains Dr. Kai Grassie, head of the New Business division at G&D.
Scott Totzke, Vice President of the BlackBerry® Security Group at Research In Motion (RIM) added: “The BlackBerry® solution is renowned for its robust and accredited security architecture. Working in conjunction with the secure BlackBerry® platform, the G&D Mobile Security Card offers increased flexibility and control to organizations that want to implement their own encryption standards for wireless communications.”
The BlackBerry® Enterprise Solution gives mobile users secure access to their e-mail, calendar, address book, tasks and notes as well as enterprise instant messaging, web-based applications and services (intranet) and other corporate applications, making work processes much more efficient.
For authorities and companies with special security requirements, G&D has extended its existing range of services to include a new solution which can be flexibly integrated in any organization’s IT procedures and is very easy to operate. It provides additional encryption for mobile e-mail – along the entire transmission route between senders and receivers.
Users simply have to insert the G&D Mobile Security Card into the microSD™ card slot of their BlackBerry® smartphone. In addition to providing usable data memory of at least 1 GB, the Mobile Security Card also contains an efficient smart card chip as an alternative to external smart cards.
The Mobile Security Card can act as an independent cryptographic module and takes over the function of user authentication and all encryption and signature operations. Users authenticate themselves to the Mobile Security Card by means of a two-factor process and, if successful, are then granted access to their BlackBerry® smartphone. This prevents any fraudulent use of the system by unauthorized parties. The card can also be integrated into the customer’s mail server environment to provide user-friendly encryption and signature services for e-mail traffic. The data stored on a BlackBerry® smartphone’s in-built memory can also be encrypted with the help of G&D’s Mobile Security Card.
Independent Software Vendors can also use the Mobile Security Card and flexibly develop their own security solutions. G&D integrated its Mobile Security Card into the BlackBerry® Device Software v5.0 to work in conjunction with BlackBerry® Enterprise Server 5.0. The solution will provide great added value for professional corporate use in the future, combining a high level of security with outstanding user friendliness.
The new security solution is suitable for use in all leading messaging systems including Microsoft® Exchange, IBM Lotus® Domino® and Novell® GroupWise®. It can act as a high-security platform for numerous mobile applications – for instance, the mobile use of ERP/CRM or online banking systems, which are particularly security-sensitive.
The solution will be sold by system integrators, value-added resellers and distributors.
About Giesecke & Devrient:
Giesecke & Devrient (G&D) is a technology leader in the field of smart cards, providing smart card based solutions for telecommunications, electronic payment, healthcare, ID, transportation, and IT security (PKI). G&D is also a leading producer of banknotes and security documents and is dominant in the field of currency automation. Based in Munich, Germany, the G&D Group has subsidiaries and joint ventures around the world. In fiscal 2007, the Group employed close to 9,000 people and generated revenue of more than €1.5 billion. For more information, visit our website at www.gi-de.com
Final Approval for Giesecke & Devrient’s Healthcare Card
Munich, May 5, 2009 - Giesecke & Devrient (G&D) is the first company to receive approval from gematik to issue an electronic healthcare card incorporating qualified electronic signature functions (QES). It meets all the requirements regarding functionality and security laid down by gematik and the Federal Office for Information Security (BSI). The optional QES feature means, for example, that insured parties will be able to sign applications electronically in the future. G&D anticipates that the first health insurance companies will request large quantities before the end of the year.
Hans-Wolfgang Kunz, Group Executive of G&D’s Government Solutions business unit, says: “This concludes the development work. We’re ready. The electronic healthcare card meets the highest security requirements and can now be introduced. We expect health insurance companies to order large quantities from us before the end of the year so they can issue their clients with the new card type.”
G&D produces around a quarter of all smart cards for the electronic healthcare sector in Germany. The company’s customers include DAK, KKH and other statutory health insurance companies. In addition to the new smart card, the Munich-based technology group is also to supply a high-performance background system that will in future control all the functions in the life cycle of around 70 percent of health insurance cards in Germany. This technology from Munich has already repeatedly proved its worth in designated test regions where electronic healthcare cards are being trialed, both in Germany and in international projects, e.g. in Taiwan and Austria.
Press contact G&D:
Heiko Witzke, Head of Media Relations
E-mail: heiko.witzke@gi-de.com
Phone +49 (0)89 4119 2422
barge! - I used to monitor the wave Ihub hits via those silly 3d doodles I included in my posts, China was always a prominent peruser - mostly Beijing university bods I think. (Also quite a few hits from good old Microsoft).
;?) eom
Barack Obama's new BlackBerry: The first details
The first details of Barack Obama's new high-security BlackBerry have emerged, highlighting the efforts White House officials have made to ensure that the US president does not have to go without his favourite gadget.
By Matthew Moore
Last Updated: 2:25PM BST 26 Apr 2009
Mr Obama revealed his devotion to the emailing device during the campaign trail but was forced to give up his personal handset after being sworn in, amid concerns that it could be targeted by foreign intelligence agencies.
The president has been forced to make do with a similar device – a Sectera Edge Smartphone created for the National Security Agency (NSA) to be virtually impregnable – but will take delivery of a specially-secured replacement BlackBerry in the next few months, according to reports.
His BlackBerry 8830 will run encryption software called SecureVoice, which has been developed by security firm Genesis Key with the NSA to ensure complete defence against hackers, the Washington Times claimed.
The software will allow Mr Obama to view documents classified as Top Secret while out of the White House, as well as letting him stay in touch with wife Michelle and other family members, who will also be issued with the handsets.
US law demands that all emails and other messages sent or received by the president be retained, so Mr Obama's staff have been working on an archive system to ensure that all his BlackBerry communications are preserved.
It has been reported that the president may have to wait up to 50 minutes to receive emails while they are scanned to ensure they do not contain viruses.
During quiet moments in his presidential campaign Mr Obama was often seen flicking through messages on his BlackBerry, which he kept in a belt holster.
Asked about the prospect of losing his handset if elected, he replied: "They're going to have to pry it out of my hands."
oknpv! - eClinicalWorks or whoever gets the go-ahead for EHR software will dovetail nicely into our Wave Systems Trusted pc's. For the medical profession to embrace this, it is vital that the pc software being used - is extremely user friendly and will be readily adopted (doctors can be a funny lot).
These URLs you have here are all about the EHR software worldwide adoptions, but of course infuriatingly there's no mention anywhere yet of the real teeth required here to make this function utterly and completely safe.....which is us. eom
Seagate beats numbers by a tad
Crunch Are things starting to look up?
http://www.theinquirer.net/inquirer/news/748/1051748/seagate-beats-tad
By Charlie Demerjian
Tuesday, 14 April 2009, 07:52
SEAGATE HAD A relatively OK third quarter all things told. By that we mean above expectations in this otherwise dreary economy.
The raw numbers are that they shipped 39 million units, and took in $2.1 billion for them. This is above their last estimate of $1.6 to $2.0 billion and, in an economy where most companies don't hit even pessimistic estimates, every little gain helps.
Oddly, one of the high points according to Seagate was ATA products, which one would not expect the market to outperform on. On the other hand, 'enterprise' products took a dive by 20 per cent. To us, this says that people are upgrading their older machines and not buying new. If you make widgets, video cards, and CPUs that have a long upgrade path, things may be good for your company, but new shiny boxes are not a happy place to be this quarter.
When talking about the period between now and June, Seagate starts out with the disclaimer, "Current uncertainty in global economic conditions makes it particularly difficult to predict product demand and other related matters and makes it more likely that Seagate's actual results could differ materially from current expectations." For once, things like this are actually warranted.
That said, the magic 8-ball on the CFO's desk says that Q4 will basically be flat compared to Q3. This, combined with a restructuring and cutting of their dividend, will make things trend from reddish to blackish on their balance sheets. All in all, they are doing OK.
The hard numbers, in other words profit and loss, will be announced during their quarterly call on April 21. You can witness it here at 2pm Pacific time, but right now, you get a blank page.
Given the rosy (or not completely disastrous) numbers, could this be the first sign of an economic spring? µ
Obama announces new veterans' medical records system
WASHINGTON (CNN) -- The federal government is establishing a new system for updating medical records of servicemen and women during and after their military careers, President Obama announced Thursday.
The joint virtual lifetime electronic record will, among other things, help ensure a streamlined transition of health care records between the Pentagon and the Veterans Administration.
It will provide "a framework to ensure that all health care providers have all the information they need to deliver high-quality health care while reducing medical errors," the White House said in a background statement.
"When a member of the armed forces separates from the military, he or she will no longer have to walk paperwork from a [Defense Department] duty station to a local VA health center. Their electronic records will transition along with them and remain with them forever," Obama said in remarks delivered near the White House.
The system will "cut through red tape" and allow new veterans to start receiving their benefits more quickly, he promised.
During the announcement, Obama was joined by Defense Secretary Robert Gates and Veterans Affairs Secretary Eric Shinseki.
"We welcome this news. ... This is a huge day for veterans and troops," Paul Rieckhoff, head of Iraq and Afghanistan Veterans of America, told CNN.
"This is a good way for [Obama] to come back from Iraq and make a powerful statement."
The White House recently proposed a significant budget increase for the Veterans Administration, including an 11 percent hike in fiscal year 2010.
In March, however, the administration abandoned a controversial plan to charge private insurers for treatment of veterans' service-connected ailments.
Veterans' representatives and members of Congress angrily opposed the proposal, which White House spokesman Robert Gibbs said was never finalized.
Wave Assembles Leading Self-Encrypting Drive Vendors to Demonstrate Integrated Management Solution at RSA Conference '09
Fujitsu, Samsung, Seagate and Toshiba Demonstrating at Wave Booth; Partners Dell, HID Among Those Leading Pre-Conference Workshops
Last update: 8:33 a.m. EDT April 9, 2009
LEE, MA and SAN FRANCISCO, CA, Apr 09, 2009 (MARKET WIRE via COMTEX) -- Wave Systems Corp. (WAVX) announced today that it will be demonstrating its comprehensive solution for managing a wide range of embedded hardware security for PCs, including the new self-encrypting hard drives from leading drive vendors, at the Wave booth (#1039) during the RSA Conference, April 20-24. Wave offers robust, cross-platform management for all Opal-compliant and commercially available self-encrypting hard drives.
Self-encrypting hard drives have garnered headlines recently with the publication of the Trusted Computing Group's Opal storage specification -- a "blueprint" for ensuring design integrity and interoperability. Many analysts have praised self-encrypting hard drives with pre-boot authentication as an effective means of protecting against data breach, as information stored on a hard drive cannot be accessed without providing proper authentication credentials. The costs of data breach can be substantial, including the loss of trade secrets, marketing plans and competitive information, plus the costs, damage to reputation and potential liability inherent in notifying customers whose personal information may have been exposed from the breach.
"Wave has been diligently working with the leading hard drive vendors in the development of authentication and management solutions for self-encrypting drives, which boast faster performance and stronger security than software solutions with standard hard drives," said Steven Sprague, president and CEO of Wave Systems. "Security is improved because encryption is 'always on' and because encryption keys and access credentials are generated and stored within the drive itself."
Wave helps organizations increase security, reduce costs and simplify their approach to data protection by offering a suite of client and server software that works with the leading self-encrypting hard drives and other forms of endpoint security hardware. Wave's client software, Trusted Drive Manager, configures pre-boot authentication to the drives, access control settings, as well as enrolling administrators and users. Available separately, Wave's EMBASSY(R) Remote Administration Server enables IT administrators to remotely turn on each drive in seconds, provides remote recovery of credentials and captures detailed event logs for compliance purposes to prove that the security settings were in place when a loss or theft occurs. Wave will also be featured at Fujitsu's booth (#2616).
Self-encrypting drives are not the only form of endpoint security that Wave software supports. Wave's EMBASSY(R) client software manages the security functions on Dell's new E-family of business laptop computers, which include Trusted Platform Modules (TPMs), smart card readers, fingerprint readers and contactless smart card readers, which began shipping in August last year. Dell and fellow E-series partner HID, a developer of contactless smart cards, will be at the Wave booth demonstrating E-series security. Wave will also conduct demonstrations at HID's booth (#2317).
PARTNERS DEMONSTRATE REAL-WORLD APPLICATIONS OF FACTORY-INSTALLED SECURITY
What: Interactive Session for Developers: "The Next Authentication Token"
Where: RSA Conference 2009 - Hall E, Orange Room 132, Moscone Center North - Moscone Center - San Francisco, Calif.
When: Monday, April 20, 9 a.m.- 12:00 p.m. PDT
Who: George Kastrinakis, Director Product Management, Wave Systems Corp.; Joseph A. McGinley, CISSP, CISM, PMP, Manager Global Software Architecture, Diebold; David Corcoran, President, TrustBearer Labs.
Presentation Details: The Trusted Platform Module (TPM), a standard feature on nearly all business laptops and housed on an estimated 300 million PCs worldwide, offers organizations a low-cost and secure way to prevent data loss, manage passwords and determine exactly who is on its network. The TPM performs these functions by generating and protecting digital keys, passwords and digital certificates within the confines of tamper-resistant hardware. But unlike smart cards or traditional tokens, the TPM is unique in that it supports both user and machine authentication in one token -- a simple, yet revolutionary concept, ensuring only authorized users and authorized PCs are on the network. Developers will learn how they can leverage TPMs they already have in-house to add much-needed multi-factor and strong authentication for enterprises grappling with compliance regulations amidst shrinking IT budgets. Experts will detail TPM integrations, discuss why they chose to use TPMs and provide specific use cases and "lessons learned" for those interested in using this industry-standard security token.
What: Interactive Session: "Encryption 2.0: Encrypting Hard Drives Have Arrived"
Where: RSA Conference 2009 - Hall E, Orange Room 132 - Moscone Center - San Francisco, Calif.
When: Monday, April 20, 1-4 p.m. PDT
Who: Craig Durr, Senior Product Manager, Dell; Brian Beard, Marketing Manager, Samsung Semiconductor Inc.; Debra Spitler, Vice President, HID Connect; Scott Stephen, IT Global Client/Server Engineering Project Manager, Seagate.
Presentation Details: Industry leaders will discuss their product strategies and roadmaps pertaining to the debut of factory-installed, self-encrypting hard drives. Self-encrypting hard drives with advanced user authentication provide the most secure and uncomplicated data-at-rest protection anywhere. Session attendees will hear firsthand from companies who have rolled out these solutions, why they chose self-encrypting hard drives, how they manage them and what benefits they have realized.
The RSA Conference, now in its eighteenth year, brings together the world's largest community of information security professionals. The event will be held at the Moscone Center in San Francisco. More details on the conference can be found at www.rsaconference.com/2009/us/index.htm. Details on the pre-conference Trusted Computing Group hands-on lab sessions can be found at: https://www.trustedcomputinggroup.org/news/press/RSA_release_final_april_6_09_3_.pdf
About Wave Systems
Wave provides software to help solve critical enterprise PC security challenges, such as strong authentication, data protection, network access control and the management of these enterprise functions. Wave is a pioneer in hardware-based PC security and a founding member of the Trusted Computing Group (TCG), a consortium of nearly 140 PC industry leaders that forged open standards for hardware security. Wave's EMBASSY(R) line of client- and server-side software leverages and manages the security functions of the TCG's industry-standard hardware security chip, the Trusted Platform Module (TPM). TPMs are included on an estimated 300 million PCs and are standard equipment on many enterprise-class PCs shipping today. Using TPMs and Wave software, enterprises can substantially and cost-effectively strengthen their current security solutions. For more information about Wave and its solutions, visit http://www.wave.com.
Interesting link up here!
Siemens Enterprise Communications Group and Giesecke & Devrient collaborate on integrated security solutions
Munich, April 7, 2009 – Giesecke & Devrient (G&D) is supplying Siemens Enterprise Communications (SEN) with smart cards and cryptographic USB tokens from the StarSign product family. SEN is one of the world’s leading providers of unified communications technologies for corporate communications and of specialized security consulting services and solutions. In future, the two companies intend to offer their customers jointly developed company ID and identity solutions in a global cooperation model that will take effect immediately.
“In developing the StarSign family we have created highly secure and flexible identification solutions for company networks. The partnership with SEN will now enable us to offer these solutions to a much wider market,” emphasizes Dr. Kai Grassie, Head of New Business at G&D.
Franz-Josef Nölke, Solution Line Manager at SEN, comments: “The G&D products will extend our security systems integration business and thus complement our current portfolio. Our identity and privacy solutions help customers to implement the latest requirements in secure and reliable unified-communications and IT architectures in an efficient and targeted manner. By tightly integrating the G&D products into the TISA solution architecture, we will be offering our customers many advantages and new applications.”
Until now, SEN has primarily used smart cards featuring Siemens’ own operating system for use as company ID and signature cards. SEN will now also include StarSign products from G&D in its portfolio. The StarSign product series offers a broad range of security tokens in a variety of form factors and for different operating systems. The tokens are easily incorporated in all standard IT systems and applications and provide reliable electronic proof of identity. The plan is to integrate the StarSign products into SEN’s TISA (totally integrated security architecture) solution, which helps companies to align security solutions with their own business models and thus implement them in a secure, efficient and targeted way.
The increasing mobility of employees and the advance of teleworking create a major challenge for modern enterprises in protecting their valuable intellectual property against unauthorized access. Particular emphasis is placed on security issues, and watertight security solutions are required for all systems and applications. Identity management includes areas such as maintenance of identities, rights and guidelines administration, as well as user and access management. Companies must protect themselves against unauthorized access to their corporate networks and applications. Employees must be able to authenticate themselves reliably and without ambiguity from both inside and outside the company.
About the Siemens Enterprise Communications (SEN) Group:
The SEN Group is a premier provider of enterprise communications solutions. More than 14,000 employees in 80 countries carry on the tradition of voice and data excellence started more than 160 years ago with Werner von Siemens and the invention of the pointer telegraph. Today the company leads the market with its "Open Communications" approach that enables teams working within any IT infrastructure to improve productivity through a unified collaboration experience. SEN Group is a joint venture between the private equity firm, The Gores Group, and Siemens AG and incorporates Siemens Enterprise Communications, Enterasys Networks, SER Solutions, Cycos and iSEC. In fiscal 2008, The SEN Group generated revenues of approximately 3.21 billion Euros. For more information about the Siemens Enterprise Communications Group please go to www.siemens.com/open.
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG.
About Giesecke & Devrient:
Giesecke & Devrient (G&D) is a technology leader in the field of smart cards, providing smart card-based solutions for telecommunications, electronic payment, healthcare, ID, transportation, and IT security (PKI). G&D is also a leading producer of banknotes and security documents and is dominant in the field of currency automation. Based in Munich, Germany, the G&D Group maintains subsidiaries and joint ventures around the world. In fiscal 2007, the Group employed close to 9,000 people and generated revenue of almost €1.5 billion.
For more information, visit our website at www.gi-de.com.
Press Contact G&D:
Heiko Witzke, Head of Team Media Relations
E-Mail: heiko.witzke@gi-de.com
Phone: +49 (0)89 4119 2422
barge! - Looks like the Obama magic at work here, I think you've nailed it pretty good, it's clear to me that there's a distinct coordinated effort to push this forward as soon as poss', well done! - Let's hope there's some traction. eom
barge! - “If Wal-Mart is successful, this could be a game-changer,” observed Dr. David J. Brailer, former national coordinator for health information technology in the Bush administration.
Brailer has been a supporter of EHR and h/ware encryption, but just seemed to lose heart amongst the grey skulls.
Unseen hands are pushing this readily available pc tech to be, into the direct market place. IMO eom
Senator says his office computers were hacked
* By Ben Bain
* Mar 23, 2009
Three lawmakers are writing a bill designed to expand the cybersecurity workforce and bolster collaboration between the public and private sectors. Authors include Sen. Bill Nelson (D-Fla.), who said his office’s computers have been hacked on several occasions.
Nelson announced March 20 that he is working with Sens. John Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine) to draft the legislation. Rockefeller, chairman of the Senate Commerce, Science and Transportation Committee, said during a hearing before that committee March 19 that the bill would seek to increase the cybersecurity workforce.
Experts continue to debate what new laws and regulations are needed to improve cybersecurity. Meanwhile, the Obama administration is more than halfway done with a 60-day review of the country’s cybersecurity efforts.
In addition, the administration has pledged to appoint a national cyber adviser to coordinate federal agency efforts and the development of a national cyber policy. That person would report directly to the president, according to the administration’s homeland security platform.
In a statement, Nelson said the senators’ bill would:
* Create a permanent national cybersecurity position that would report directly to the president.
* Require intelligence and homeland security officials to perform vulnerability assessments.
* Establish a clearinghouse so the government and private sector could share information on cyber threats and vulnerabilities.
* Fund scholarships to expand the cybersecurity workforce.
Nelson said computers used by three of his staff members were recently targeted in multiple attacks, but the hackers, who are believed to be in China, could not access any classified information.
One of the attacks looked “pretty serious, and it [was] talking to a computer in some international arena,” Nelson said during the March 19 hearing.
Army database may have been breached
* By Doug Beizer
* Mar 12, 2009
An Army database that contains personal information about nearly 1,600 soldiers may have been penetrated by unauthorized users, Army officials have announced.
Soldiers who registered with, or participated in, the Army-sponsored Operation Tribute to Freedom program during the past five years may be affected by the security breach, Army officials said March 10. The service is notifying those soldiers about the issue through e-mail messages and letters.
The information that may have been breached includes the service members' names, e-mail messages, phone numbers, home addresses, awards received, ranks, gender, ethnicity, and dates the soldiers deployed and returned from their deployment, Army officials said.
Only information that was provided at the time of registration was potentially compromised, officials said. The Criminal Investigation Command is investigating how the password-protected, secure Web-based information was penetrated.
Operation Tribute to Freedom lets soldiers share their stories with the public. The program’s speakers service helps event coordinators find the soldiers for events and the service members speak about their experiences in Iraq and Afghanistan.
About the Author
Doug Beizer is a staff writer for Federal Computer Week
This disclosure I reckon means!
there will be is important news in the pipeline. eom
Maynard!- Nobody knows tiddleypom ... but its nice action for those that bought in @ .4 eom
White House updates progress on cybersecurity review
* By William Jackson
* Mar 03, 2009
The White House blog has posted an update about the cybersecurity review ordered in February by President Barack Obama. The review will help to define the White House strategy for better securing the nation’s information infrastructure, both in the government and private sectors.
The post says:
“John Brennan, assistant to the president for homeland security and counterterrorism, passed along this update about the ongoing review of our nation's communications and information infrastructure.
“In response to President Obama’s direction, the National Security Council and Homeland Security Council are presently conducting a 60-day review of the plans, programs, and activities underway throughout the government that address our communications and information infrastructure (i.e., cyberspace). The purpose of the review is to develop a strategic framework to ensure that our initiatives in this area are appropriately integrated, resourced and coordinated both within the executive branch and with Congress and the private sector.
“Our nation’s security and economic prosperity depend on the security, stability, and integrity of communications and information infrastructure that are largely privately-owned and globally-operated. Safeguarding these important interests will require balanced decision making that integrates and harmonizes our national and economic security objectives with enduring respect for the rule of law. Guided by this principle, the review will build upon existing policies and structures to formulate a new vision for a national public-private partnership and an action plan to: enhance economic prosperity and facilitate market leadership for the U.S. information and communications industry; deter, prevent, detect, defend against, respond to, and remediate disruptions and damage to U.S. communications and information infrastructure; ensure U.S. capabilities to operate in cyberspace in support of national goals; and safeguard the privacy rights and civil liberties of our citizens.
“The review will be completed by the end of April 2009. At that time, the review team will present its recommendations to the President regarding an optimal White House organizational construct to address issues related to U.S. and global information and communications infrastructure and capabilities. The recommendations also will include an action plan on identifying and prioritizing further work in this area.”
About the Author
William Jackson is a senior writer for GCN.
Administration to request more for cybersecurity
* By Ben Bain
* Feb 26, 2009
President Barack Obama wants $355 million for the Homeland Security Department’s cybersecurity efforts in fiscal 2010, according to an overview of his budget proposal released today.
The document states that Obama wants the $355 million to support DHS’ National Cybersecurity Division and the department's role in the Comprehensive National Cybersecurity Initiative (CNCI). The money would be “targeted to make private- and public-sector cyber infrastructure more resilient and secure,” the document states.
The division received $313.5 million in the fiscal 2009 budget, which includes $254.9 million for the department’s share of CNCI. DHS’ role in the government’s overall cybersecurity effort has been the subject of debate among experts, and the Obama administration is reviewing the government’s cybersecurity programs.
Although no dollar amount was provided for the classified National Intelligence Program that funds intelligence agencies, the budget document promised increased funding for an integrated cybersecurity strategy that includes homeland security, intelligence, law enforcement, military and diplomatic components.
“The threat to federal information technology networks is real, serious and growing,” the overview states. “To address this threat, the president’s 2010 budget includes substantial funding for cybersecurity efforts; such activities will take an integrated and holistic approach to address current cybersecurity threats, anticipate future threats and continue innovative public/private partnerships.”
According to the document, the fiscal 2010 budget would also support efforts to improve information and intelligence sharing among state, local and federal authorities — particularly the effort being led by the Office of the Director of National Intelligence’s Program Manager for the Information Sharing Environment to standardize how authorities share reports on suspicious activity that has potential terrorism links.
About the Author
Ben Bain is a reporter for Federal Computer Week.
Visa confirms another payment processor breach
Dan Kaplan
February 24 2009
Another payment processor has fallen victim to hackers, Visa confirmed on Monday.
Visa and MasterCard are notifying banks about accounts impacted by a "major compromise," unrelated to the massive Heartland Payment Systems incident announced last month, according to a number of credit unions and banking associations.
The hackers apparently breached the processor in the same way they infiltrated Heartland -- by placing malicious software on the network, according to an alert from the Pennsylvania Credit Union Association.
Visa hosted a conference call on Feb. 12 to notify member banks about the breach, which affected transactions made from February to August 2008, the association said. The incident involves account numbers and expiration dates, but no track data was compromised; therefore the attackers would be unable to make counterfeit cards.
The size of the breach appears significant but fewer cards were affected than in the Heartland case, the Community Bankers Association of Illinois said in its own announcement. That breach potentially exposed as many as 100 million accounts.
The victim in this case appears to be a provider that processes online transactions, said David Shettler, vice president and CTO of Open Security Foundation, a nonprofit that researches data breaches.
He told SCMagazineUS.com on Monday that the group has been receiving tips about the breach since Feb. 12, but few details have been confirmed.
"What concerns me is that Visa and MasterCard, they clearly know who it is," Shettler said. "They just won't say anything because the processor hasn't come clean. The sort of feel it gives people is that Visa and MasterCard are covering for some unnamed organization."
Visa and MasterCard began notifying card issuers about affected accounts on Feb. 9 and 13, respectively.
It is unclear whether this processor was compliant with payment industry guidelines, the association said. Heartland was deemed Payment Card Industry Data Security Standard-certified (PCI DSS) when it announced its breach.
This marks the third data-loss incident to impact payment processors in the past three months. In December, RBS WorldPay disclosed a breach that affected some 1.5 million card users. Shettler said cybercriminals are zoning in on these entities because they deal with the most amount of information.
"You can crack into merchants, but that's a limited scope," he said. "If I were the payment card industry, namely Visa and MasterCard, I'd be concerned."
Visa said it was working with business and financial institutions to improve security measures.
"It's essential that every business that handles payment card information adhere to the highest data protection standards to protect the security and privacy of their customers' financial information," Visa said in a statement.
A representative from MasterCard could not be reached for comment.
'Having fun yet today?' - No Darth, but the MM's are!!! eom
Security issues affecting mobile users as they spend more time and money recovering from incidents
SC Staff
February 16 2009
Mobile users are experiencing more security issues than ever before and spending more time and money on recovering from incidents.
New research from McAfee in its Mobile Security Report 2009 has shown that security is proving a barrier to service innovation and the development of new business models. It claimed that half of all global manufacturers have reported mobile malware infections, voice and spam attacks, third party application problems or incidents that caused network capacity issues.
More than 40 per cent of manufacturers reported that they had experienced security threats across the complete range of the most common mobile security threats. Voice or text spam attacks have hit the greatest number of devices with incidents affecting 17 per cent of manufacturers last year.
There was also a considerable rise in the number of issues with third party applications and content, with prematurely released applications causing severe network capacity issues or crashing and locking devices altogether.
Three quarters of respondents agreed that carriers and manufacturers should carry the cost of security and only 12 per cent thought that users should be involved with handling security measures.
Victor Kouznetsov, senior vice president of McAfee Mobile Security, said: “Attempts to make the mobile ecosystem more open have shown early signs of success yet attacks on mobile networks and devices continue to grow in both complexity and sophistication.
“This elevates concerns surrounding the security for both existing and emerging services. Hence it is encouraging to see that mobile manufacturers are looking to regain control of providing security functionality to safeguard their users.”
http://www.scmagazineuk.com/Security-issues-affecting-mobile-users-as-they-spend-more-time-and-money-recovering-from-incidents/article/127380/
weets! - S'cuse me for asking, but just a thought how many laptops have you guys all got? seems every week somebody's just bought the latest singing and dancing pc, anyway taking a leaf out your books a few months ago I went and bought my poor unsuspecting wife a Dell Latitude, but to my shame I've not felt brave enough to fire up the Wave 'stuff', as I'm worried that if she saw the Wave logo flash up she could well take a hammer to it (what with Mrs Boom not being a true wavoid and all, ahem! if you understand my drift) eom.
;?) - Oh well and so it goes tiddlypom....
Vacationhouse! - Many thanks for your many warm and thoughtful postings, the input you provide gives the board a homely and informative substance. eom
Boom
New disk encryption standards could complicate data recovery
So, what do you do if you lose your password?
By Lucas Mearian
February 2, 2009 (Computerworld)
When the world's largest disk-makers joined last week to announce a single standard for encrypting disk drives, the move raised questions among users about how to deal with full-disk encryption once it's native on all laptop or desktop computers.
For example, what happens if a user loses a password -- essentially leaving the drive filled with data that can no longer be unencrypted? Or what if a drive becomes corrupted or damaged, the data has to be recovered by a third party -- and your password is on the drive?
"Then you have just killed yourself," said Dave Hill, an analyst at research firm Mesabi Group.
The Trusted Computing Group (TCG), made up of disk hardware and software vendors, last week published three encryption specifications to cover storage devices in consumer laptops and desktop computers as well as enterprise-class drives used in servers and disk storage arrays.
Some industry observers believe that within five years, all disk drive manufacturers will be offering drives -- both hard disk and solid-state disk -- that use the specifications for firmware-based encryption.
While enterprises using drives with full-disk encryption, such as the Seagate Momentus 5400 FDE.2 drive or Fujitsu's 2.5 7200rpm self-encrypting drive, would monitor them through a central access administrator with a master password to unencrypt, consumers purchasing laptops or desktops with drives would face a more daunting scenario: They would need to either back up their data and their passwords, or lose their drives and data.
Robert Thibadeau, chief technologist at Seagate Technology LLC and chairman of the TCG, said the current disk-encryption specifications allow users to create more than one password to access data, so that if a user were to lose one, he could still access his hard drive with a backup password.
"Furthermore, with some password settings, you can provide a password that allows erasure so you can put the drive back into use, but the data will be gone," Thibadeau said.
If a drive were to become corrupted or the hardware damaged and a data recovery firm needed to retrieve a user's disk, Thibadeau said, the recovery firm could use the password to recover data from the damaged hardware. The TCG is also working with data recovery firms to create a technique that would allow them to recover encrypted data on drives using the standards, without requiring a user password.
Currently, however, if a user loses his password and a drive becomes damaged or corrupted, the data is not recoverable, Thibadeau admitted.
David Virkler, CIO at AdaptaSoft Inc., a payroll systems software and services company, said that administration of drives with hardware-based encryption is easy and that he has seen no I/O slowdown. Virkler installed Seagate's self-encrypting, 2.5-in. Momentus 5400.2 drives in October 2007 on his company's Dell laptops in order to protect customer financial data that his company often deals with in its service capacity. He paid a $40 premium for each self-encrypting drive, spending about $120 total for each 80GB drive.
While the rollout was easy, he acknowledges that if a company doesn't already have a group policy in place -- a domain name server and an active directory -- then it would be "painful" to roll out. "You'd have to manage each laptop individually," he said.
At AdaptaSoft, Virkler instituted a policy at the time of the rollout that warned workers not to keep critical data on their laptops; they were told to always use the company's network drive instead for the highest-priority information in case of a drive failure. "If a laptop crashes, I'm not going to expend a lot of energy to get it back. I'd also imagine any data recovery options would be nearly impossible," he said.
Virkler said he's now interested in using self-encrypting drives in his data center, but he's not sure how they would work, since he also runs Citrix and virtualization software.
Ken Waring, IT director at CBI Health in Toronto, said his organization needs encryption on its drives to protect sensitive patient information, but he's also concerned about emerging technologies, including the standardization of full-disk encryption and the problems it might create.
But, as Waring put it, "it's still a million times better than having nothing. And, as a business, you can only take what's available to you."
Mesabi Group's Hill agreed, saying that not only is data with full-disk encryption safe if a computer is stolen or lost, but the technology also automatically puts a company using the drives in compliance with state laws such as California's data breach notification mandate. That law requires companies to notify the public when unencrypted drives are lost or stolen.
CBI Health is a national network of more than 135 community and hospital-based rehabilitation, medical and health care facilities. Three years ago, Waring switched from Lenovo to Dell laptops in order to get hardware-based encryption, replacing a software-based encryption product that he found arduous to manage and unreliable.
Waring found that drives encrypted with software would sometimes unencrypt themselves -- leaving the data open to theft. And "we've experienced five drive failures due to the encryption software, but none from hardware," he said.
Today, 90 of CBI Health's 200 laptops use Seagate's Momentus drives with native full-disk encryption. The other users will move to Seagate drives as they are replaced at end of life, Waring said.
CBI Health uses Wave Systems Corp.'s Embassy Suite encryption management software to monitor its encrypted drives, including storing passwords.
Waring understands the concerns about lost passwords and damaged drives but said that Wave's software allows CBI Health to keep a single administrative password to access encrypted drives in case a user loses his password. In addition, Waring backs up all drives, so if one is damaged, the data is not lost.
"Our company as a whole is trying to harden every element of its architecture," he said. "We felt it was prudent to start where we are most vulnerable -- mobile devices that people leave in their cars or have in their homes."
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9127178
Tommy! - There was a rumour that our Bruno had parted from Wave? eom
VA agrees to pay $20M in laptop theft case
* By Mary Mosquera
* Jan 28, 2009
The Veterans Affairs Department has agreed to pay $20 million to settle a lawsuit filed by veterans over the risk of potential identity theft when a VA laptop PC that contained their sensitive information was stolen in 2006. The laptop contained files with personally identifiable information on millions of veterans, such as names, birth dates and Social Security numbers.
Attorneys for the VA and the veterans filed legal papers Jan. 27 in U.S. District Court for the District of Columbia to settle the suit, and a judge must approve the terms of the settlement. The class-action lawsuit, filed in 2006, asked for $1,000 in damages for every veteran whose data was put at risk.
After the theft, the VA offered to provide credit protection for veterans whose data was on the laptop thieves stole from the Maryland home of a VA analyst. Law enforcement officials later recovered the laptop PC, and forensic investigators determined that the criminals had not accessed sensitive data, department officials said.
“We want to assure veterans there is no evidence that the information involved in this incident was used to harm a single veteran,” a VA spokeswoman said in a statement.
Taxpayers ultimately would pay for the $20 million proposed settlement through the Treasury Department’s Judgment Fund, the VA said. The fund is available for court judgments and the Justice Department's settlements of actual or imminent lawsuits against the government, according to Treasury's Web site. Congress appropriates funds for the account, and for settlements such as this, agencies do not reimburse the account, the department said.
In a notice the VA prepared to be sent to veterans about the proposed settlement, the department said a veteran could receive the actual cost of out-of-pocket expenses up to $1,500 with a valid claim submission, and the minimum payment for each valid claim would be $75.
The claim would be for expenses that were the direct result of the computer theft, including the purchase of credit monitoring to protect against identity loss and medical expenses incurred that were the result of severe emotional distress, the notice said.
The computer theft and the department's delay in notifying veterans and other federal officials prompted hearings in Congress, the firing of some VA officials, and revelations by the department's inspector general of serious gaps in computer and information security. In the wake of the theft, the Office of Management and Budget issued numerous requirements for agencies to strengthen the protection and confidentiality of personally identifiable information. Those measures include encrypting sensitive data on mobile devices, conducting inventories of systems that contain personal data and implementing a breach-notification process.
Barack Obama reunited with 'Blackberry'
Barack Obama has taken delivery of his new personal emailing device after revealing his devotion to the Blackberry during his presidential campaign.
Last Updated: 7:28AM GMT 30 Jan 2009
US President Barack Obama uses his BlackBerry or similar device as he walks to the Oval Office after returning to the White House in Washington, DC Photo: AFP
Mr Obama was spotted tapping away outside the Oval Office before holstering the gadget on his belt, as photographers snapped away.
Mr Obama's super-secure device - nicknamed Blackberry One in the media - is believed to be encrypted to stop foreign intelligence agencies eavesdropping on the president's private communications or tracking his whereabouts.
The president, who says his device is a window out of his strictly controlled world of official meetings and blanket security, told reporters last week he had won a battle with lawyers and the Secret Service to keep the device.
"The president has a BlackBerry through a compromise that allows him to stay in touch with senior staff and a small group of personal friends," said White House spokesman Robert Gibbs last week.
"It's a pretty small group of people."
"The security is enhanced to ensure his ability to communicate, but to do so effectively and to do so in a way that is protected," he added.
According to The Atlantic magazine, the president will be using a standard BlackBerry but one equipped with a "super-encryption package" developed by an intelligence agency, probably the National Security Agency.
Other reports suggested that the President would be furnished with a Sectera Edge, made by General Dynamics, the military contractor, and developed specially for the NSA.
Mr Gibbs confirmed that any emails sent or received by the president would be subject to the post-Watergate Presidential Records Act of 1978, which requires that a record be kept of all White House communication.
Tide continues to quicken!- And look this is coming from the UK 'cus as far as IT security goes.... generally recognised to be years behind you guys!
http://www.scmagazineuk.com/Monster-hacking-and-data-breach-could-lead-to-enforced-regulation-and-phishing/PrintArticle/126539/
Monster hacking and data breach could lead to enforced regulation and phishing
Dan Raywood
January 29 2009
The Monster.com hacking and data breach could lead to US style regulation.
Nick Garlick, managing director of Nebulas Security, claimed that unless organisations tackle the situation surrounding network security, they will face tough external regulation forcing them into straitjacket systems designed to protect personal data properly. He believed that such regulation, currently being drafted in the US, will have benefits but could mean additional cost and overheads.
Garlick said: “In this online world, business and government have a duty of care to handle personal information with the greatest security possible. Companies often argue that the right technology doesn't exist, but that's simply not the case.
“The technology is available to stop information theft: what's missing in many businesses is the knowledge and willingness to implement the technology and to enforce security policies alongside it. It doesn't cost the earth, and it will stop these kinds of attack in their tracks. Using such systems, the attack on Monster.com was easily preventable.”
Meanwhile David Vella, director of product management at GFI Software, believes that Monster.com customers must be more cautious, especially with their emails, as phishing attempts are likely to soar.
Vella said: “If anything, now is not the time to start ignoring or relaxing online security. Economic downturns and similar sociological situations provide rich pickings for cybercriminals, eager to capitalise on people's vulnerability.
“The fact that so many personal details, ranging from addresses and emails to education and employment history, are now available is of course disastrous and opens up so many people to fraud.”
White House e-mail system crashes
By GCN Staff
Jan 27, 2009
E-mail service failure forces staffers to turn to cell phones
Obama administration officials, already frustrated by having to surrender their modern technology tools for the archaic systems of the White House, got a fresh dose of indignity when the White House e-mail system ground to a halt yesterday, the Washington Post reports.
According to various reports, the e-mail servers started failing about 10 a.m. and disruptions lasted well into the evening yesterday. White House aides reported not receiving a single e-mail throughout the day on their computers or BlackBerrys.
Obama aides had just switched over from their now-defunct transition accounts during the weekend and were handing out their spiffy new government e-mail addresses when the outage hit, the Post reported.
Here comes the dollar sign $ eom