D2,
Agree. The most important thing for me is not the PwC structure or potential. It is this:
"Bill Ross, director, Cyber Mission Assurance Systems (CMAS), Information Assurance Division, General Dynamics C4 Systems gave a case study approach to his company's recent efforts involving security. He noted in his presentation the importance of TCG in the standards. "The fundamental premise or underpinnings of the High Assurance Platform is the Trusted Computing Group," he said."
Wavx appears to be running ahead of the pack. The question is: "did we bet on the right horse?".
Anything un-WAVX like would be welcome.
NSA Director says citizens' privacy will never be compromised
Posted on 08 September 2010.
Cybersecurity and citizens' privacy won't be mutually exclusive terms for the federal government, vows NSA Director Gen. Keith Alexander.
"As the director of NSA and the commander of U.S. Cyber Command, I have an obligation to the law and to the American people to ensure that everything we do in cyberspace preserves and protects our civil liberties and operates legally under the constitution, while concurrently conducting our mission," said the General in his address at the O'Reilly Media Gov 2.0 Summit.
According to eSecurity Planet, he followed with a general overview of the things that the U.S. Cyber Command is in charge of: monitoring the .mil domain, helping civilian agencies when it comes to matters of information security, uniting the various military information security units.
He also made sure to note that government systems are always under attack from foreign and domestic hackers - the DoD systems are probed some 250,000 times per hour, and the DHS reports that the number of cyber attacks against U.S. systems has risen by 150 percent since 2008.
"Considering the body of both personal and national treasure that resides on the Internet -- information, money, medical records, personal email, critical infrastructure and, most important, national security -- it is not a hyperbole to say that we have as much at risk or more than any other nation," Alexander said.
ssshhhhhhhh! It's so stealthy the customer doesn't even want to know they implemented it! :P
Awk, thanks. Cleared some memory but same result. Will try alternate methods.
MaynardG,
Thanks much for the effort and reply. I too have tried repeatedly (> 12 times) but all to no avail. Gets hung up at about 0.5 MB. A couple more times and I'm throwing in the towel. Hope you're having a terrific weekend.
Cannot open link from site. Anyone else having trouble? Thanks.
Bravo! Keen situational awareness.
I remember talk some time ago about Stevey and others possibly taking this company private by using a third party to purchase stock on the market. Of course they would have to drive down the price first. Anyone still of this sentiment?
Jas,
Just got to your message, thanks for the good info.
Hope you are enjoying your weekend.
Wasn't it confirmed to be Mazda?
Thanks. Good news.
Thanks but how did they get in the mix? I've been gone (out of Wavx) for quite a while. Maybe some exciting news can entice me back in?
I'm sorry....who is PwC again? TIA.
Anyone going to venture a guess as to who this may be???
Hmmmmm, was that Bitlocker WITH TPM???
One that got away
Feature: VA beefs up security measures in response to stolen laptop
The U.S. Department of Veteran Affairs (VA) has put measures in place to prevent both malicious and accidental situations where personal information could be potentially compromised, Steve Kastin, MD, Chief Healthcare IT Strategist with enterprise infrastructure engineering at the VA's Office of Information and Technology, said in an interview.
In January 2009, the VA ended three years of litigation after a laptop was stolen in what is suspected to have been a routine burglary in 2006, with the VA agreeing to pay a $20 million settlement to those whose personal information was on the laptop. After a thorough investigation, it was determined that the personal information contained on the laptop had not been accessed by the thieves.
Since then, to protect against the potential loss of sensitive information, the VA mandates full-disc encryption on all VA-issued laptops, according to Kastin. This means that for government-owned equipment, if a laptop does get misplaced or stolen, the hardware is protected not just by password protection but the hard drive is fully encrypted so “even if someone took out the disc and put it in another computer as a second disc, they still wouldn’t be able to access its information.”
However, remote access to the VA systems is accomplished using Cisco-based VPN software that the VA calls RESCUE (Remote Enterprise Security Compliance Update Environment). There are two versions of RESCUE, one for government-furnished equipment (GFE) and one for non-government furnished equipment (OE – “other equipment”).
Both versions of RESCUE establish a secure VPN tunnel through the VA’s firewall, and also scan the remote computer prior to full connection, to assure that a VA-approved firewall and anti-virus software is running, according to Kastin.
“VA employees using GFE for remote access are able to save work on the remote computer, but doing so is discouraged, and if they want to save or store sensitive data on the remote computer, special advance permission is required,” Kastin stated.
In addition, the OE version of RESCUE creates a virtual desktop on the remote computer, which gets deleted at the end of each session. The local hard drive or any kind of removable storage (like a flash drive) is inaccessible with RESCUE OE, according to Kastin. While employees could save files to the virtual desktop, they would be deleted when the employee disconnects so “when you’re coming in on personally-owned equipment, there is no technical way to save data on your local machine.”
An additional security measure VA is undertaking is to secure storage devices like flash drives and portable hard drives. Using Sanctuary Device Control (SecureWave), VA is able to disable the USB port for any non-approved input devices. The only devices for mass storage that get approved by VA are ones that are encrypted, according to Kastin.
Some input devices that VA uses are password protected and some are biometric-protected. “For the biometric devices, there is a fingerprint reader built into the device where you swipe your finger over the reader to unlock it,” Kastin stated.
“We are also in the process of implementing programs that scan outgoing e-mails to look for patterns that look like personal information that shouldn’t be emailed out, like a social security number,” Kastin said. In this example, the program would look for a pattern of numbers in outgoing emails that start with three numbers, then a dash, then two numbers, then another dash, and ending with four numbers.
As far as optical drives go, VA’s strategy is to not buy a computer with an optical drive unless it really needs one and even then, Sanctuary can disable the writing component so the optical drive becomes just a reader for educational purposes, according to Kastin.
“The goal,” said Kastin, “is to minimize the amount of VA data stored on remote equipment such as laptops, even with full disc encryption in place. And for non-government owned equipment, storing data is impossible.”
“These barriers that we’ve put in place, I think, will prevent the innocent, accidental loss of data,” affirmed Kastin. “There are many different ways that data can leak out, and we’re trying to cover all of our bases. We’re very focused on protecting personal information, so we feel these measures are appropriate.”
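The outgoing-mail check Kastin describes (three digits, a dash, two digits, a dash, four digits), as an added example that is not VA's software or part of the quoted article. The function names and sample messages are constructed here, and rejecting number ranges the Social Security Administration never issues is an assumption added to cut false positives.

```python
import re
from email import message_from_string
from email.policy import default

# Candidate: ddd-dd-dddd that is not embedded in a longer run of digits/dashes
# (so order numbers such as 4123-45-67890 are not flagged).
SSN_CANDIDATE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")


def is_plausible_ssn(area, group, serial):
    """Assumption added here: drop values the SSA never issues
    (area 000, 666 or 900-999; group 00; serial 0000)."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def find_ssns(text):
    """Return (start, end) spans of plausible SSNs in text."""
    return [m.span() for m in SSN_CANDIDATE.finditer(text)
            if is_plausible_ssn(*m.groups())]


def redact(text):
    """Mask plausible SSNs, keeping the last four digits for the reviewer,
    so the alert itself does not become a second copy of the data."""
    def _sub(m):
        if is_plausible_ssn(*m.groups()):
            return "XXX-XX-" + m.group(3)
        return m.group(0)
    return SSN_CANDIDATE.sub(_sub, text)


def scan_outgoing(raw_message):
    """Scan the subject and every text part of one outgoing message."""
    msg = message_from_string(raw_message, policy=default)
    sources = [("subject", str(msg.get("Subject", "")))]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            sources.append((part.get_content_type(), part.get_content()))
    findings = []
    for where, text in sources:
        for start, end in find_ssns(text):
            findings.append({"where": where, "match": redact(text[start:end])})
    return {"to": str(msg.get("To", "")), "block": bool(findings),
            "findings": findings}


# Constructed sample messages (not real data).
SAMPLE_LEAK = (
    "From: clerk@example.org\n"
    "To: outside@example.com\n"
    "Subject: claim follow-up\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Claimant SSN is 123-45-6789; ticket 4123-45-67890 and test value "
    "000-12-3456 are not SSNs.\n"
)
SAMPLE_CLEAN = (
    "From: clerk@example.org\n"
    "To: outside@example.com\n"
    "Subject: meeting on 2010-02-04\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "See you at 10:30, room 212-4.\n"
)

if __name__ == "__main__":
    for raw in (SAMPLE_LEAK, SAMPLE_CLEAN):
        print(scan_outgoing(raw))
```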
There is no company meaning or impact by the SKS sale. HOWEVER, it was a stupid move by SKS as it sends a wrong signal to investors who have kept this company solvent. SKS makes enough (I say too much) in salary, bonus, and stock. He didn't need to sell. Just a very silly move. Maybe it's a signal he's sending to investors like so many have claimed he has done in the past? LOL.
Pathetic. What a waste of my invested money.
Agreed, good news. Although some were happy with Mazda (better than nothing theory), it sounded like someone greater given the PR.
Mazda would be new and somewhat of a disappointment as most thought GM or Ford. 30% attach rate I think is higher than what we last heard and is good. The rest is what we already knew or expected. Added another 10k shares today so continue to have my fingers crossed.
Unfortunately agreed. Nothing new but the share price. Come on SKS, give us some news!
Just in case,
STE - System Test & Evaluation
ATO - Authority to Operate
Dabears4,
Nice stuff. Any way to tell how "fresh" these prices are? Nice work.
Read "Spies for Hire" ;)
certainly not small
http://www.tickerspy.com/pro/Cqs-Cayman-LP
Old security flaws still a major cause of breaches, says report
Companies are overlooking obvious threats in the rush to tackle new ones, says TrustWave
By Jaikumar Vijayan
****gotta love the name - TrustWave. Also, I think we can help with two of the last recommendations in the last sentence.
February 3, 2010 06:00 AM ET
Computerworld - An overemphasis on tackling new and emerging security threats may be causing companies to overlook older but far more frequently exploited vulnerabilities, according to a recent report.
The report, from Trustwave, is based on an analysis of data gathered from more than 1,900 penetration tests and over 200 data breach investigations conducted on behalf of clients such as American Express, MasterCard, Discover, Visa and several large retailers.
The analysis shows that major global companies are employing "vulnerability chasers" and searching out the latest vulnerabilities and zero-day threats while overlooking the most common ones, the report said.
As a result, companies continue to be felled by old and supposedly well-understood vulnerabilities rather than by newfangled attack tools and methods.
For instance, the top three ways hackers gained initial access to corporate networks in 2009 were via remote access applications, trusted internal network connections and SQL injection attacks, Trustwave found.
All three attack points have been well researched for several years. SQL injection vulnerabilities, for instance, have been known about for at least 10 years but still continue to be widely prevalent in Web-based, database-driven applications, Trustwave said.
The most common vulnerability that Trustwave discovered during its external network penetration tests involved the management interfaces for Web application engines such as WebSphere and ColdFusion. In many cases, the management interfaces were accessible directly from the Internet and had little or no password protection, potentially allowing attackers to deploy their own malicious applications on the Web server.
Similarly unprotected network infrastructure components such as routers, switches and VPN concentrators represented the second most common vulnerability unearthed by Trustwave. The tendency by many companies to host internal applications on the same server that also hosts external content was another common vulnerability, as were misconfigured firewall rules, default or easy-to-guess passwords, and DNS cache poisoning.
Meanwhile, Trustwave's wireless penetration tests unearthed common weaknesses such as the continued use of WEP encryption, legacy 802.11 networks with minimal to no security controls, and wireless clients using public "guest" networks instead of secured private networks.
In almost all of the cases, the most common vulnerabilities unearthed by Trustwave were common, well-understood issues that should have been addressed a long time ago, said Nicholas Percoco, senior vice president at Trustwave's SpiderLabs research unit.
"There are basically two themes," Percoco said. "Through our study in 2009 we found some very old vulnerabilities present within enterprises, some as old as 20 to 30 years." The second theme is that attackers are targeting those old flaws to break into enterprises and then using increasingly sophisticated tools to harvest data from companies, he said.
In addition to older keystroke-logging and packet-sniffing tools, malicious attackers are increasingly employing tools such as memory parsers and credentialed malware to steal data, Percoco said. Memory parsers are used to monitor the RAM associated with a certain process and to extract specific data from it. Credentialed malware programs are a new class of multiuser programs that have typically been used to steal money and payment card numbers from ATMs.
There are several measures companies can take to mitigate the risks posed by older and often-overlooked vulnerabilities, Trustwave said. One step is to maintain a complete asset inventory. Many companies are unaware of all the IT assets they own or of the risks they pose to data, so maintaining an up-to-date list of assets is vital to protecting them, Trustwave said.
Decommissioning older legacy systems as much as possible can help mitigate the risk as well. Also, in 80% of the cases that Trustwave studied, third parties were responsible for introducing vulnerabilities, so monitoring third-party relationships is key. Other recommended measures include internal network segmentation, data encryption and strong Wi-Fi security policies.
Google to enlist NSA to help it ward off cyberattacks
By Ellen Nakashima
Thursday, February 4, 2010
The world's largest Internet search company and the world's most powerful electronic surveillance organization are teaming up in the name of cybersecurity.
Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google -- and its users -- from future attack.
Google and the NSA declined to comment on the partnership. But sources with knowledge of the arrangement, speaking on the condition of anonymity, said the alliance is being designed to allow the two organizations to share critical information without violating Google's policies or laws that protect the privacy of Americans' online communications. The sources said the deal does not mean the NSA will be viewing users' searches or e-mail accounts or that Google will be sharing proprietary data.
The partnership strikes at the core of one of the most sensitive issues for the government and private industry in the evolving world of cybersecurity: how to balance privacy and national security interests. On Tuesday, Director of National Intelligence Dennis C. Blair called the Google attacks, which the company acknowledged in January, a "wake-up call." Cyberspace cannot be protected, he said, without a "collaborative effort that incorporates both the U.S. private sector and our international partners."
But achieving collaboration is not easy, in part because private companies do not trust the government to keep their secrets and in part because of concerns that collaboration can lead to continuous government monitoring of private communications. Privacy advocates, concerned about a repeat of the NSA's warrantless interception of Americans' phone calls and e-mails after the Sept. 11, 2001, terrorist attacks, say information-sharing must be limited and closely overseen.
"The critical question is: At what level will the American public be comfortable with Google sharing information with NSA?" said Ellen McCarthy, president of the Intelligence and National Security Alliance, an organization of current and former intelligence and national security officials that seeks ways to foster greater sharing of information between government and industry.
On Jan. 12, Google took the rare step of announcing publicly that its systems had been hacked in a series of intrusions beginning in December.
The intrusions, industry experts said, targeted Google source code -- the programming language underlying Google applications -- and extended to more than 30 other large tech, defense, energy, financial and media companies. The Gmail accounts of human rights activists in Europe, China and the United States were also compromised.
So significant was the attack that Google threatened to shutter its business operation in China if the government did not agree to let the firm operate an uncensored search engine there. That issue is still unresolved.
Google approached the NSA shortly after the attacks, sources said, but the deal is taking weeks to hammer out, reflecting the sensitivity of the partnership. Any agreement would mark the first time that Google has entered a formal information-sharing relationship with the NSA, sources said. In 2008, the firm stated that it had not cooperated with the NSA in its Terrorist Surveillance Program.
Sources familiar with the new initiative said the focus is not figuring out who was behind the recent cyberattacks -- doing so is a nearly impossible task after the fact -- but building a better defense of Google's networks, or what its technicians call "information assurance."
One senior defense official, while not confirming or denying any agreement the NSA might have with any firm, said: "If a company came to the table and asked for help, I would ask them . . . 'What do you know about what transpired in your system? What deficiencies do you think they took advantage of? Tell me a little bit about what it was they did.' " Sources said the NSA is reaching out to other government agencies that play key roles in the U.S. effort to defend cyberspace and might be able to help in the Google investigation.
These agencies include the FBI and the Department of Homeland Security.
"As a general matter," NSA spokeswoman Judi Emmel said, "as part of its information-assurance mission, NSA works with a broad range of commercial partners and research associates to ensure the availability of secure tailored solutions for Department of Defense and national security systems customers."
Despite such precedent, Matthew Aid, an expert on the NSA, said Google's global reach makes it unique.
"When you rise to the level of Google . . . you're looking at a company that has taken great pride in its independence," said Aid, author of "The Secret Sentry," a history of the NSA. "I'm a little uncomfortable with Google cooperating this closely with the nation's largest intelligence agency, even if it's strictly for defensive purposes."
The pact would be aimed at allowing the NSA to help Google understand whether it is putting in place the right defenses by evaluating vulnerabilities in hardware and software and to calibrate how sophisticated the adversary is. The agency's expertise is based in part on its analysis of cyber-"signatures" that have been documented in previous attacks and can be used to block future intrusions.
The NSA would also be able to help the firm understand what methods are being used to penetrate its system, the sources said. Google, for its part, may share information on the types of malicious code seen in the attacks -- without disclosing proprietary data about what was taken, which would concern shareholders, sources said.
Greg Nojeim, senior counsel for the Center for Democracy & Technology, a privacy advocacy group, said companies have statutory authority to share information with the government to protect their rights and property.
Green Hills Software
Your neck of the woods OCLV99.
Don't we know of someone else who worked at National Semiconductor in some minor capacity??
Dan O'Dowd founded Green Hills Software in 1982 and has been its President and Chief Executive Officer since its inception. Before founding Green Hills Software, Mr. O'Dowd was manager of compiler and operating system development at National Semiconductor. He joined National Semiconductor in 1978 to design the architecture for the NS32000 32-bit microprocessor. From 1976 to 1978, he worked at APh Technological Consulting developing some of the first embedded development tools for microprocessors. They were used for developing the first hand held electronic games for Mattel and Mattel's line of home video games. Mr. O'Dowd received a Bachelor of Science in Engineering from the California Institute of Technology in 1976.
The folks who sold much of their holdings (many wavoids) are the ones saying it will go lower. Nuf' said. Many fake longs on this board. Get used to it.
$2.80 to $2.05?! If that doesn't already qualify as a giveaway then we are in greater trouble than I think!
Any true poll just helps the traders. That is why I doubt people are entering their real sentiment anyway. So it's a wash and an effort in futility but, it's your party so.....
Wow...so what does this have that TVTonic did not??!!
And as laptops and desktops get more difficult to hack.
Wow! Just think how 3rd party integrators like Booz Allen Hamilton with extensive cyber security expertise will benefit. Yup, some serious coin to be made there in the future........
Looks good with Embassy Suite but what is "Acer TPM-based eDataSecurity Management"?
AWK,
Thanks. So they were a participant in the pilot but they are not part of OpenID group? Need to do some more DD here to get a firm handle on it.
Enjoy the day.
I'm confused. Weren't there some news stories connecting WAVX with this OpenID effort?
Cloud Computing and Security Implications Defined
As with virtualization, organizations are flocking to cloud computing by the allure of lower costs. Instead of investing to purchase infrastructure and software, organizations and agencies are attracted by the idea of getting infrastructure, platforms, and software as a “pay per use” service.
Along with lower fixed costs, however, use of cloud computing brings with it a loss of control and an exposure to various risks, particularly security risks. Practitioners are advised to—
- Understand exactly what cloud computing means, which includes understanding the taxonomy and layers
- Assess where cloud computing might make sense and which model of cloud computing, public vs. private, is the most appropriate
- Understand the risks faced, conduct a gap analysis, and develop plans to address the risks. Often these plans entail focusing on the basics by matching the business and security requirements against the most appropriate cloud models.
- Take actions such as classifying data and assets, conducting a risk assessment, evaluating vendors, educating their organization, and participating in the evolution of cloud computing.
When people refer to “the cloud,” they are typically talking about the SPI model, which includes software (S), platform (P), and infrastructure (I) as a service. The following taxonomy describes the components and layers of these services. These different services and their many layers mean that organizations can pick and choose the different pieces of the SPI model that meet their needs—
1. Infrastructure as a service (IaaS)—This includes the physical facilities, the hardware, an abstraction layer, a core connectivity and delivery layer, and application program interfaces. Vendors in this space include Amazon EC2, GoGrid, and FlexiScale.
2. Platform as a service (PaaS)—This is the middleware that integrates the infrastructure and the resources that sit on top of it. It can include identity and access management, databases, and authentication. PaaS vendors are Force.com, Google AppEngine, and Coghead.
3. Software as a service (SaaS)—This is the data and the applications. Examples of SaaS vendors are Salesforce.com, GoogleApps, and Oracle on Demand.
There are many similarities between cloud computing and virtualization. Virtualization is an enabler of cloud computing, as the new de facto atomic unit of the digital infrastructure is now a virtual machine. A reality of virtualization is that organizations have rushed to adopt it without solving many of its attendant security, privacy, and management challenges. And now, without having solved the problems associated with virtualization—problems that are within an organization’s own control—organizations are moving to the cloud, where they have even less control.
The security problems that organizations face related to cloud computing are the same as those related to virtualization—but even more so. The abstraction of infrastructure points to the need for information centricity and, consequently, information assurance.
Steps that security practitioners should take to decrease the risks associated with cloud computing involve common sense. Information assurance practitioners already have most of what is needed to make an informed set of decisions about cloud computing. The challenge is to match the organization’s business and security requirements against the various cloud “service” (aaS) models. Among the requirements: not being a speed bump to business operations and achieving and maintaining compliance. Activities that practitioners should engage in include conducting a cloud computing risk assessment and a gap analysis. An organization can assess security for each layer in the cloud and can identify any shortcomings. Some additional resources include the Cloud Security Alliance, cloud computing Google groups, and attending a local CloudCamp.
Agree with that hypothesis over others postulated here thus far.