is presently fighting off an incurable lung cancer, think I may be winning (mesothelioma)
More groundwork being laid!
Giesecke & Devrient and Wirecard Bank Unveil the First E-Business Application to Use the European Citizen Card
Munich, February 28, 2008 - At this year's CeBIT, Giesecke & Devrient (G&D) and Wirecard Bank AG are showcasing the first e-business application that utilizes the electronic ID card, which several European Union member states are planning to introduce. To use the application, consumers have to register with Wirecard Bank's internet payment service, Wirecard, and install special software and a simple contactless card reader on their home PCs. This new application allows banks and consumers to authenticate one another using an official personal identity document and a personal identification number (PIN) for the first time ever.
Giesecke & Devrient's new launch represents the first implementation of the standards for microchip-equipped European Citizen Cards along with the middleware to support commercial applications. "This is a major milestone for e-government and e-business applications. Users and online service providers can benefit from added security in their internet transactions, thanks to secure mutual authentication based on an official electronic document," noted Hans-Wolfgang Kunz, group executive for the Government Solutions business unit at Giesecke & Devrient.
Several European countries, including Germany, are planning to introduce electronic personal ID documents with integrated microchips. Citizens will thus be able to identify themselves to government offices on the Internet as well. At the same time, the electronic ID can also help make e-business applications more secure - and more convenient, since it eliminates the need to maintain numerous user names and passwords for various internet portals.
The personal information stored on the ID card's chip - such as the user's name, address or date of birth - is protected from unauthorized access in each transaction by Extended Access Control (EAC), a highly secure encryption protocol. Essentially, a secure channel is created between the server operated by the online service provider - like Wirecard Bank - and the microchip on the electronic ID card. The microchip verifies the service provider's individual access certificate to ensure the provider only accesses the personal data needed for its business processes. Citizens remain in control of who uses their personal information, since they have to explicitly grant access to their data by entering their PIN.
G&D at the 2008 CeBIT:
Hall 6, stand J46
About Giesecke & Devrient:
Giesecke & Devrient (G&D), based in Munich, Germany, is an international technology group operating subsidiaries and joint ventures throughout the world. Founded in Leipzig in 1852, G&D began as a printer of securities, and later specialized in banknote production. The company has been developing solutions and complete systems for automatic currency processing since 1970. Today, G&D is also a technology leader in smart cards, and a solutions provider in a wide range of fields, including telecommunications, electronic payments, identification, health, transportation, and IT security (PKI). In fiscal 2006, the Group employed some 8,300 people and generated a revenue of €1.3 billion. For more information, visit our Web site at www.gi-de.com.
About Wirecard AG:
Wirecard AG is one of the leading international providers of electronic payment and risk management solutions. Worldwide, Wirecard supports over 9,000 companies from many and various industry segments in automating their payment processes and minimizing cases of default. Wirecard Bank AG provides account and credit card services both for business and private customers and is a Principal Member of VISA, MasterCard and JCB. The Internet payment service Wirecard enables consumers to make secure payments at millions of MasterCard acceptance outlets worldwide. In addition, registered users can send or receive money orders to each other on a real-time basis. Wirecard AG is listed on the Frankfurt Securities Exchange (TecDAX, ISIN DE0007472060, WDI).
www.wirecard.com www.wirecardbank.de www.mywirecard.com
Contacts:
Giesecke & Devrient GmbH
Daniela Gaigl, Press Officer
Prinzregentenstrasse 159
D-81607 Munich
Tel: +49-89-4119-1622, Fax: -1208
E-mail: daniela.gaigl@gi-de.com
www.gi-de.com
Giesecke & Devrient's Card Application Management System (CAMS) for the German Health Market Passes gematik's Online Test
Munich, December 17, 2007—gematik (Gesellschaft für Telematikanwendungen der Gesundheitskarte GmbH) began to run online user tests for the electronic health care card in September 2007. The first system to complete the tests with flying colors was the card application management system (CAMS) for the German health market developed by Giesecke & Devrient (G&D) for AOK Systems and ISKV.
"We participated in gematik's online test as the first provider of a card application management system. We're proud to report that our CAMS passed the test with ease. This is important because passing all the tests will help drive future acceptance of the card in the community and the health care sector. As such, we see this test completion as a key milestone on the road to a modern health care system," commented Hans Wolfgang Kunz, Group Executive for Government Solutions at G&D.
CAMS plays a crucial role in the electronic health care card infrastructure. This central element controls every function in the card lifecycle—from production, personalization and issuing to ongoing data maintenance during use to blocking the card when lost or taken out of service. As such, it interacts with the health insurers' patient database management systems, image databases, highly secure key management systems and internal or external certificate services, various personalization providers and patient master data services. G&D's CAMS for the German health market is currently the only system that has been shown to conform to the gematik specification (2.2.1) for effectively and quickly blocking the electronic health care card, unblocking it, and updating patient data on it.
Phase 2 user tests (PMD Online) began in September as part of the nationwide rollout of the electronic health care card. The tests mainly verify whether the individual components making up the telematics infrastructure offer the right level of technical and specialized functionality. In this case, the tests determined whether CAMS supported an online feature known as "post-issuing personalization" (PIP)—essentially, modifying cards already issued to patients. This has to be done in full compliance with gematik's security guidelines. Once this phase is completed, gematik will move to field-testing the solutions in individual test regions under real-life operating conditions. The users, who include physicians, pharmacists and other health care professionals, will determine the usefulness and effectiveness of the electronic health care card and thus also CAMS, which will be running in the background.
Contact:
Giesecke & Devrient GmbH
Daniela Gaigl, Press Manager
Prinzregentenstrasse 159, D-81607 Munich
Tel: +49-89-4119-1622, Fax: -1208
E-mail: daniela.gaigl@gi-de.com
www.gi-de.com/presse
Methinks - Ummmm! don't think I've heard anything on this as yet, if it's a UK radio ad - I find that quite interesting as we're light years behind you guys there, they just haven't a clue here I'm afraid! - fr'instance they're still wringing their hands and blaming one another over the 25mil addresses lost the other day.
I've e/mailed IT newspapers and tv programmes for the last couple of years here regarding trusted computing but never had a sausage in reply!
Nevertheless will maintain a listening post here.
Regards Boom
MasterCard PayPass Technology Taking Canada by Storm
Toronto, Paris, November 13, 2007 - BMO Bank of Montreal (BMO) has partnered with Giesecke & Devrient (G&D) to provide Canadians with a faster, more convenient and secure way to pay with MasterCard PayPass contactless payment feature. The future is now, with millions of cards being used worldwide.
"As of 3Q2007, with over 19 million MasterCard PayPass cards issued worldwide the technology is here and growing. BMO Bank of Montreal has taken the lead in introducing this fast and secure payment method to Canadians. Partnered with G&D, an industry leader in card payment technology, we are confident that Canadians will find MasterCard PayPass to be secure and convenient. It's like having exact change wherever you go. A simple tap of the card is all it takes to pay at checkout," said Nancy Marescotti, Director, BrandMarketing & Card Management for BMO Bank of Montreal.
With a flurry of success in the U.S., Europe and Asia, PayPass in Canada is now fuelling the storm of contactless cards sweeping through the Canadian marketplace. Giesecke & Devrient, creators of the first mini contactless payment card in the world, are providing a contactless card product line to BMO with a best-in-class payment card.
PayPass technology is designed to enable small ticket purchases to be completed quickly and securely. The system has found the greatest success with Generation Plastic, young adults who use plastic for over 40% of all transactions. A tap is all it takes to speed through checkouts for coffee, gas and many other convenience items. With no signature or PIN required, the card never leaves the consumer's hand making it the most secure form of payment.
"MasterCard PayPass provides the combination of convenience, quality and security creating a compelling value for issuers like BMO," said Kim Madore, VP Emerging Technology for G&D.
Contactless cards work with a specially equipped merchant terminal. The cards have a chip and antenna embedded directly in their plastic. The terminal reads the card using radio frequency technology. Once payment details have been captured by the terminal they are processed through the BMO Bank of Montreal acceptance network. All of these details occur instantly and seamlessly to the consumer.
"G&D is proud to support BMO's rollout of the new Mosaik MasterCard PayPass in the Canadian market. G&D is always working towards bringing the consumer tomorrow's technology, today," said Anna Rossetti, President G&D Canada.
"BMO Bank of Montreal with our partner G&D are working together to fuel the storm of contactless bankcards expected to sweep the Canadian marketplace in the year ahead. We are confident G&D is the partner to provide the quality and experience expected by BMO Bank of Montreal customers," commented Mike Kitchen, Senior Vice President, Card & Retail Payment Services for BMO Bank of Montreal.
Please visit us on CarteS exhibition in Paris from Nov. 13-15, 2007 on our booth no. 4 J 013 in hall 4.
About BMO Bank of Montreal:
Established in 1817 as Bank of Montreal, BMO Financial Group is a highly diversified North American financial services organization. With total assets of $359 billion as at July 31, 2007, and more than 35,000 employees, BMO provides a broad range of retail banking, wealth management and investment banking products and solutions. BMO Financial Group serves clients across Canada through its Canadian retail arm, BMO Bank of Montreal, and through its wealth management firms BMO Nesbitt Burns, BMO InvestorLine and BMO Harris Private Banking. BMO Capital Markets, our North American investment and corporate banking division, provides a full suite of financial products and services to our North American and international clients. BMO also serves personal and commercial clients in the United States through Chicago-based Harris, an integrated financial services organization that provides more than one million personal and business clients with banking, lending, investing, financial planning, trust administration, portfolio management, family office and wealth transfer services.
About Giesecke & Devrient:
Giesecke & Devrient (G&D) is a technology leader in the field of smart cards, providing smart card based solutions for telecommunications, electronic payment, health care, ID, transportation, and IT security (PKI). G&D is also a leading producer of banknotes and security documents and is dominant in the field of currency automation. Based in Munich, Germany, the G&D group has subsidiaries and joint ventures around the world. In fiscal 2006, the Group employed close to 8,300 people and generated revenue of almost €1.3 billion.
For more information, visit our Web site at www.gi-de
Hamburg Lottery Company Opts for Secure Two-Factor Authentication with Giesecke & Devrient’s Internet Smart Card
Munich, Paris, November 12, 2007 — Giesecke & Devrient (G&D), the world’s second largest provider of smart card solutions, is unveiling its new Internet Smart Card at CarteS 2007. The card will be deployed for the first time in Northern Germany, where starting next week, players in the Hamburg lottery can use the USB token to access the company’s online portal. Together with the statutory lottery identification process, the “Lotto Internet Stick” meets the legal requirement in Germany to prove that a player has reached the age of majority and thus complies with the requirements laid down by the Commission for the Protection of Minors in the Media for closed user groups. Identification and authentication provide the basis for robust protection of young people when using Internet services. Players just insert the token into their computer’s USB port and enter their PIN number. The PC is then automatically configured for the token.
“The Lotto Internet Stick enables us to fully comply with the requirements of Germany’s new Federal Gaming Law. Right from the start, we were excited by how easy G&D’s Internet Smart Card is to use—it doesn’t require any special knowledge of computers at all. At the same time, the Internet stick makes an important contribution to the security of our system,” explains Siegfried Spies, CEO of LOTTO Hamburg.
Players initially demonstrate that they have reached the age of majority (lottery identification process) by presenting appropriate ID in person at a lottery sales point. They are then given their personal Lotto Internet Stick, with the required PIN number being sent separately by e-mail.
The stick ensures that lottery players always have secure access to the online service. The Internet Smart Card is a personal tool that players can carry with them to protect their private identity on the Web and use on almost every device with Internet access.
G&D describes the Internet Smart Card as the smallest Web server-based security proxy currently available worldwide, whose contents can be displayed by all standard browsers. Additional hardware, middleware, and client software are no longer required on the user’s PC.
The Internet Smart Card checks SSL certificates during the logon and authentication process. It thereby prevents users from unintentionally connecting to a fraudulent website and the site’s operators gaining access to sensitive user data. The card user and the Internet provider’s server are able to authenticate themselves to each other via an encrypted end-to-end connection that utilizes standard security protocols, such as Secure Socket Layer (SSL) and Transport Layer Security (TLS), and by checking client and/or service certificates on the Internet Smart Card.
Furthermore, G&D’s Internet Smart Card can perform additional functions, such as secure user logon to other Internet portals, closed user groups, or for online gaming.
The fact that the logon data is only held on the Internet Smart Card means that, when connecting to a service platform, the user is protected against phishing, pharming, password spying, spoofing, keyboard logging, man-in-the-middle attacks, and attacks by malignant software known as trojans. The card is very easy to use, thanks to automatic configuration on computers running Windows XP and Vista. For Windows 2000, Linux, and Mac OS systems, just a few simple steps are required.
“The Internet Smart Card can be used across many markets and applications. As well as creating a secure connection to Internet-based applications for private customers in closed user groups, the card can also enable secure access to corporate networks. As a result, there is no longer a need to set up often costly VPN clients,” says Dr. Kai Grassie, head of the New Business division at Giesecke & Devrient, looking to the not too distant future.
Image: “Lotto Internet Stick” used by LOTTO Hamburg --> please find a high-resolution picture for download here
Please visit us on CarteS exhibition in Paris from Nov. 13-15, 2007 on our booth 4 J 013 in hall 4
Contact:
Giesecke & Devrient GmbH
Vera Schuh, Press Manager
Prinzregentenstrasse 159, D-81607 Munich
Phone: +49 89 41 19-2985, Fax: -1208
E-mail: vera.schuh@gi-de.com
European Resident Permit Made More Secure Thanks to Smart Card Technology and Biometric Data
Giesecke & Devrient (G&D) unveils electronic EU residence card with biometric identifiers
EU member states to use new standard resident permit from 2010
Card supports online authentication for e-government services
Munich, Paris, November 12, 2007 — A regulation scheduled for adoption before the end of the year will see the European Union introducing a uniform version of the resident permit that all 27 member states issue to third-country nationals. This harmonization is intended to improve document security and make it easier to verify entitlement to residence. The new EU resident permit is expected to be a smart card-based document that stores biometric data securely. Giesecke & Devrient (G&D), a leading global provider of smart cards and ID documents, is unveiling an electronic residence card at CarteS 2007 that supports both contact-based and contactless data transmission.
“The electronic resident permit once again demonstrates our leading role as a provider of chip-based identity documents and security printing. The card we are unveiling in Paris shows that our solutions already meet all the requirements of the EU Commission,” says Hans Wolfgang Kunz, the Management Board member responsible for Government Solutions at G&D.
A technical specification is due to be published by 2008 that will ensure compatibility between all electronic residence cards, EU-wide. The new European resident permit will then be rolled out in all member states within a two-year period following release of the specification. The specification will include two biometric identifiers—a facial image and two fingerprints. Data stored on the chip integrated into the electronic residence card will be encrypted and can be transmitted either via the contacts on the chip surface or contactlessly. Depending on country-specific requirements, the chip can also incorporate other applications. Accordingly, the electronic resident permit being presented by G&D at CarteS contains all the e-government functions envisaged for the European Citizen Card (ECC). This will allow cardholders to use electronic public services, for example, or to uniquely authenticate their identity when shopping online or accessing other Internet services.
Scheduled for introduction from 2010, the resident permit can act as a temporary entitlement to residence, permanent residency permit, or a visa. It is estimated that 20 million people within the EU require such a permit. The new electronic resident permit will replace the labels used to date, which no longer meet increasing security demands.
Visual: G&D draft layout of an electronic resident permit in high-resolution quality can be downloaded from here.
Please visit us on CarteS exhibition in Paris from Nov. 13-15, 2007 on our booth no. 4 J 013 in hall 4.
Well said Snackman - my thoughts entirely! eom
That's extremely good news!!!! eom
wavxmaster! - my apologies for that (I'm not keeping up with the board as much as I should) it was this paragraph that I thought could turn out to be interesting -
Ross is struggling to write a definition of trustworthy systems for the upcoming Special Publication 800-39, “Managing Enterprise Risk,” one in a series of NIST publications on computer security. It is expected to be available in October. The term trusted computing has evolved over time, he said. When the Orange Book, precursor to the internationally accepted Common Criteria, was developed in the 1970s by the Defense Department and the National Security Agency, the focus was on operating systems in a mainframe environment.
Hooray At Last! - NIST is talking the talk!
http://www.gcn.com/print/26_25/45094-1.html
GCN Home > 09/24/07 issue
Trust issues
Agencies, industry grapple to define the meaning of trusted computing
By William Jackson
Trusted or trustworthy computing sounds like a good idea. After all, who wants untrustworthy computing? Government and private sectors have been working on this concept, but the goal of consistently secure and trustworthy information technology systems remains elusive.
Part of the problem might be that it is difficult to precisely define trusted computing. If our system contacts a computer on another network, we want to make sure the output we get is valid and unaltered — and the external agency’s management fully recognizes the role that computer plays. But how do you gauge — or trust — such assertions?
“You can ask 10 people, and you’ll get 10 different answers,” said Bud Wilson, IT director at TechTeam Government Solutions.
Most people in the industry perceive trustworthy computing to mean secure computing, Wilson said, but that is too broad to be a good definition. Microsoft has a trustworthy-computing initiative, which refers to a reliable, repeatable software development process.
To the Trusted Computing Group, trusted computing refers to security controls based on its specifications built into hardware platforms. This industry standards body has given us the Trusted Platform Module chip for storing cryptographic keys, passwords and digital certificates, which is becoming common in laptop and desktop PCs.
Then there is the trusted system according to the National Information Assurance Partnership, which refers to platforms that have been evaluated under the Common Criteria at Evaluation Assurance Level 4 or above for role-based access control, controlled access and labeled security protection profiles. So far, evaluated systems include Sun Microsystems’ Trusted Solaris Operating System Version 8, Red Hat Enterprise Linux Version 5 and the XTS-400 Secure Trusted Operating Program from BAE Systems Information Technology.
“I’m not sure there is a generally accepted definition,” said Ron Ross, senior computer scientist at the National Institute of Standards and Technology.
Ross is struggling to write a definition of trustworthy systems for the upcoming Special Publication 800-39, “Managing Enterprise Risk,” one in a series of NIST publications on computer security. It is expected to be available in October. The term trusted computing has evolved over time, he said. When the Orange Book, precursor to the internationally accepted Common Criteria, was developed in the 1970s by the Defense Department and the National Security Agency, the focus was on operating systems in a mainframe environment.
The focus in trustworthy computing in government today is on enabling cross-domain data sharing so data on networks handling differing levels of security classification can be accessed from a single computer. This would help eliminate the need for multiple computers on a single desk and simplify data sharing within and among agencies. DOD and the intelligence community are working on a platform to enable this type of sharing among themselves with an eye toward the holy grail of trusted computing. “We’re going to converge at some point between the DOD and the civilian agencies,” Ross said.
“We are starting to work a lot smarter now” toward this end, he said, but major challenges remain. Evaluation of trusted systems has so far focused on individual components. Greater emphasis is needed now on developing and integrating entire systems and on security-engineering techniques to create a trustworthy whole. “The industry has grown at warp speed, and the complexity is outstripping our ability to put these things together securely,” Ross said. “Complexity and connectivity are going to be constant threats to our security.”
Trusted control
The Trusted Computing Group’s (TCG) Trusted Platform Module is probably the most visible element in enabling cross-domain information sharing. The group — consisting of industry heavyweights such as Advanced Micro Devices, Hewlett-Packard, Intel and Microsoft — has developed a specification for building a secure microcontroller that can be added to laptops, desktop PCs or server motherboards. The controller generates cryptographic keys for signing documents and computer-based transactions. The microcontroller also provides a description of the computer’s hardware, which can be a source of nearly irrefutable identification for that computer.
DOD sees the TPM as a primary tool for securing sensitive-but-unclassified information on portable devices. In July, a DOD directive required the encryption of all sensitive data on laptops, personal digital assistants and removable storage devices using Federal Information Processing Standard 140-2 compliant tools. The department requires that all servers, desktop PCs, laptops and PDAs purchased include the TPM chip.
Storing the keys and digital certificates for these functions on a dedicated piece of hardware keeps them more secure from external attacks and malicious code, the department said. TPM’s hashing function can be used to ensure the integrity not only of documents stored on a computer but also of applications and other pieces of hardware on the computer, said Michael Willett, senior research director at the TCG. He called the TPM a security metric.
“Hashing is a way to take a cryptographic snapshot,” he said. A hashing algorithm creates a unique numerical digest of a document, a piece of software or the code on a computer chip. The original contents cannot be derived from this digest or hash, but any change in the content results in a different hash. Comparing before-and-after hashes can reveal alterations, enabling detection of unauthorized tampering with documents or applications.
Safe storage
The TPM also can be used as an interface for security functions being defined in specifications for trusted-storage devices. TCG has released a draft of the specifications for public comment.
The TPM focuses on the computing platform, which is only one half of the equation, Willett said.
“As a storage guy, to me that’s the sound of one hand clapping,” he said. Storage devices are “where data spends most of its useful life,” and that is where security belongs, he said. A working group began developing trusted storage specifications about three years ago and released the 230-page document in June.
Although the draft specifications are not expected to be finalized until late this year, TCG said they are complete, and storage and application vendors can begin using them to design secure products. They are intended for use with any type of storage device, including hard drives and flash, tape and optical devices.
Specifications are provided for cryptography, public-key cryptography and digital signatures, hashing, random number generation, and secure storage. The specifications define the creation of a Security Provider segment in a nonaddressable portion of the device’s memory used for system functions. Applications would present credentials to trusted-storage devices through the TPM chip or some other trusted element in the host device using a trusted-command interface negotiated by TCG with SCSI and Advanced Technology Attachment standards committees.
Willett said the major hard-drive manufacturers who participated in development of the trusted-storage specification plan to incorporate the specifications in their products. The first application announced is full-disk encryption, which Willett called a no-brainer.
The encryption will use the Advanced Encryption Standard algorithm with a 256-bit key. A random-number generator in the Security Provider segment of the drive will create the key. Encryption will be done in hardware, and the key will never leave the device. The user will access the key with a password. Changing the key can provide a rapid-erase function, making data on the disk inaccessible.
Another secure-storage application likely to appear soon will be application locking, which will tie disks or other devices such as USB drives to a single computer. Secure-storage devices and their host computers will authenticate one another through a handshake protocol that TPM manages.
TCG said an estimated 250 million devices with TPM chips installed have been shipped, and another 50 million are expected this year.
“There are chips bolted to most laptops, and it is appearing in servers,” Willett said. The DOD mandate is expected to be a major driver in making the chips ubiquitous, and applications using the chip, such as BitLocker in Microsoft’s Windows Vista operating system, are beginning to appear.
But there has so far been a paucity of applications using the chip, and awareness of the chip and its functionality is growing slowly.
“There are a lot of reasons for that,” Wilson said. “It’s becoming pervasive in the hardware space. The early adopters are the financial sector and the DOD. Beyond that, it’s a little bit early.”
The chip is becoming common in hardware, but most software does not yet support it, although that is beginning to change with the introduction of operating systems such as Vista.
But even with approaching ubiquity, many users and privacy advocates have reservations about the TPM and about trusted computing in general. The big question for many users is, “Whom are you trusting?”
The chip often is associated with digital-rights management schemes that many consumers see as overly restrictive and infringing on their freedom to use software and other products they have bought. They do not like the feeling that they are not in full control of their own computers or the applications and devices running on them.
“I’m not a big fan of trusted computing,” Wilson said. He added that its adoption makes sense within closed organizations such as DOD or a bank where close regulation is accepted, but consumers and other nonregulated users are likely to balk at it.
“How you use your system dictates how you feel about trusted computing,” he said. “It has got an Orwellian, Big Brother feeling to it that bothers a lot of people.”
Secure trade-offs
He also speculated that online anonymity could be threatened. “The problem with TPM is [that] they are going to know who you are,” because each chip is unique, he said. “Will it be used that way? I don’t know. That was not the intent.”
However, the possibility it could be used to track activity worries some people. Willett said he sees no downside to the technology. There are widespread concerns about relinquishing control of personal devices, but he said these concerns are unfounded.
“We gave ultimate control to the users early on by giving them the ability to turn the chip off,” he said. Regarding digital-rights management, DRM is a trade-off, Willett said. If users do not feel they are getting more value and functionality by using DRM-protected products, they can choose not to use them. “It’s up to you,” he said.
But Wilson said he fears that if digital-rights management becomes ubiquitous, freedom of choice will be jeopardized; consumers will not have the option of using applications and devices without DRM and will be forced to accept restrictions the technology imposes.
Ed Hammersla, chief operating officer at Trusted Computer Solutions, is more charitable toward TPM and trusted-computing technology.
“It’s a good and helpful effort to increase the level of trust in the general computing environment,” he said, and TPM is the secret sauce that can help enable cross-domain information sharing.
But that’s a far cry from having a fully trusted computing environment based on this technology, he said.
“The technology is helping us, in limited quantities,” he said. “There are places where it is working and making progress.” Using a football analogy, he said there is still a long way to go to achieve real trusted computing. “We are on the 20- or 30-yard line with a big field in front of us.”
Ross points out that trusted computing ultimately depends on more than technology built into hardware and software. It depends on a trusted relationship between the parties sharing information and between the users and their systems. This requires some way for each to judge the other’s trustworthiness. This, in turn, requires the ability to demonstrate a level of compliance with a set of security requirements: a matter not only of technology but also of policy.
Developers need to give more attention to software development and system-engineering processes, Ross said. Full trust can best be achieved when the applications and operating systems running on our trusted-hardware platforms have been built from the ground up to standards of trustworthiness rather than merely evaluated for compliance with a set of specifications at the end of the process. “We have focused an awful lot on the evaluation side, and we haven’t spent enough time on the development process for good software,” Ross said. “You cannot evaluate your way to good software.”
OT – Oh! - Please, please come the day ….. When trusted computing is finally allowed to become the norm, and I won’t have to faff about! – spending half the morning (Grrrhh) with my e/mails moving crappy spam around.
It’s a shame y’know guys, but don’t need this/have the time – who knows maybe I’m beginning to lose it
(OK OK and so I only have the freebie Outlook filter presently, my bad )
……and now today jeeze just look at this lot - latest August spam figures………….
Mail volumes increased dramatically during the month of August, eclipsing even the record highs established last December, with spam making up 89% of all email. The increase was largely caused by the huge number of fake greeting card and YouTube video emails with links to malicious websites sent by the Storm worm, as well as a large amount of PDF spam also distributed by Storm. At the end of the month, Storm had ceased to distribute PDF spam, most likely due to a lower response rate from users for this type of spam
Trojans accounted for over 78% of all newly discovered malware in August, followed by Adware and Spyware that made up almost 14%. 97% of all new malware came in the form of Windows Executable files
An average of 264,133 new zombies were detected daily in August, many associated with the new infections caused by the Storm worm
An average of 11,906 total new malicious websites were detected daily in August. Over 50,000 of them had been used by the Storm worm to host the Mpack exploit toolkit that it uses to infect victim machines
The lists just go on………. ad nauseam……..
www.trustedsource.org
Can't help feeling that there's more news lurking! eom
One thing's for certain! - These Wave 'blue chip' type announcements can only help to reinforce and provide a pro' shopfront veneer to our tech' (and to the markets) that's been sadly undervalued and remiss of late.
IMO this may well be the catalyst to open the door now for more releases with the many ongoing developments, in our not too distant future eom.
Intel, said, "We have chosen to bundle Wave's TPM management software into Intel(R) Desktop Boards Executive Series, which includes the Intel(R) Q35 Express Chipset, to fortify the built-in security capabilities of our motherboards with advanced authentication, password management and data encryption."
And you wonder why so little traction!
IT security: Too big for government
Agencies can lead, but the private sector needs to tackle the problem, experts say
By William Jackson, GCN Staff
http://www.gcn.com/print/26_21/44843-1.html
RISKY BUSINESS: Former counterterrorism czar Richard Clarke says, “We are accepting a high level of cost we needn’t accept.”
Information technology security and information assurance are becoming too critical, too big and too complex a problem for the government to handle by itself, according to two security experts. But they disagree on how well government and industry are responding to the need for greater cooperation to improve cybersecurity.
Tony Sager, chief of the National Security Agency’s Vulnerability Analysis and Operations Group, said in an opening address at the recent Black Hat security conference in Las Vegas that government needs industry’s help and that NSA is reaching out to industry.
“We’ve got to figure out how to solve this problem with solutions that scale across the entire community,” Sager said. That means his agency must bring its information to the table and find common ground with the private and academic sectors. “ ‘We’re from the government and we’re here to help’ doesn’t work with this crowd.”
According to Richard Clarke, former U.S. counterterrorism czar, who shared the opening keynote address slot with Sager, the government’s culture must change a lot more before the country’s critical infrastructure can be secured.
“I’d like to know why it was that we lost momentum in solving the problem in more than a piecemeal manner,” Clarke said in an interview with Government Computer News. “There is no leadership. There is no national plan implemented.”
Industry, commerce, health care and national defense increasingly rely on an Internet that remains brittle and open to attack and disruption, Clarke said. “The day-to-day environment is replete with crime and espionage. We are accepting a high level of cost we needn’t accept. But we’ve done nothing to solve the problem.”
Clarke has been a high-profile critic of the nation’s cyberdefense efforts since his retirement from government in 2003. Now the chairman of Good Harbor Consulting, he served under four presidents, from Ronald Reagan to George W. Bush. His last government position was chief counterterrorism adviser under Presidents Clinton and Bush, and he helped develop the National Strategy to Secure Cyber Space, released in February 2003.
Despite concerns about a lack of leadership, change is occurring, Sager said. Although much of NSA’s work remains secret, Sager’s organization in the agency is a reflection of the need to work with industry to develop open and standardized security and research practices.
When Sager began working at NSA in 1977, “it was a dramatically different security problem,” he said. IT security was a government monopoly. “The government owned the problem,” and could control the technology. “Those days are over.”
NSA has struggled with the change in culture. “But you have no choice but to be concerned about the security of commercial products” the government does not control, Sager said. “We changed the way we behaved” to gain the trust and cooperation of the security research community.
But according to Clarke, government has lost an opportunity to make real progress in IT security since the release of the National Strategy to Secure Cyber Space. “In this case, we had high-level awareness that there was a problem,” Clarke said. President Bush signed off on the strategy and there was an understanding among government and industry leaders who collaborated on the strategy of the need for the two sectors to cooperate. “They understood it was not mainly a government problem,” he said. There was a necessary role for government, but “it was a private-sector problem, mainly.”
However, little progress has been made and some ground has been lost. The government has failed to provide a role model for security, as it was supposed to under the strategy; federal funding for security research and development is down; and the situation probably will get worse before it gets better, he said. “We need to ask ourselves, why?”
No leader
The problem stems from a lack of congressional as well as presidential leadership, coupled with a lack of executive initiative in the private sector, Clarke said.
“The government didn’t want to regulate,” he said, and did not feel competent to regulate in technical areas. Without government leadership, corporations won’t move unless forced by some catastrophe. “What motivates people at the corporate level is disaster.”
Meanwhile, there has been progress from companies that see a relationship between the security of their products and their business success. Corporate giants such as Microsoft, Cisco and Oracle often are cited as examples of companies that have improved their own software development processes. Government has had a hand in encouraging those improvements by creating standards and putting business pressure on the companies.
NSA’s set of security guidelines for Windows NT in 1999 was just one of 14 sets of such guidelines for that operating system. But the complexity of Windows 2000 made the job too difficult for NSA to handle alone.
The agency built a cross-agency, public/private partnership with the Defense Information Systems Agency, the National Institute of Standards and Technology (NIST), the SANS Institute and the Center for Internet Security to develop guidelines.
This led to a standard default configuration for the OS required by the Air Force, which eventually was adopted by the Defense Department and civilian agencies. NSA now is partnering with other agencies in developing a number of open programs such as the Common Vulnerabilities and Exposures scheme and the Security Content Automation Program housed at NIST.
But Clarke said effective leadership could have accomplished much more by now. Service providers could be filtering malware before it hits the local-area network and end user, he said. There could be better and more encryption, a secure Domain Name System and a parallel network structure to provide priority service during emergencies.
However, there are bright spots. Companies are beginning to reduce the scope of vulnerabilities in their software and IPv6 is slowly moving forward, especially in Asia. But Clarke is not optimistic about the government’s ability to make use of the new version of IP, which is supposed to be enabled on agencies’ backbone networks by next June.
“I am very skeptical that the government is going to do the things it says it will do, because it hasn’t over the last five years,” he said.
What can be done to improve the situation? The next administration might appoint someone to lead the effort, he said. “Certainly not me, because I’m not going back in.”
Until that leadership comes, Clarke is afraid that nothing short of a catastrophe will focus adequate attention on these issues.
In the absence of the financial pain caused by a cyberdisaster, “the only thing that’s going to get anybody to do anything is regulation,” Clarke said. “And that’s too bad, but when you have a market failure, you have to have regulation.”
bigbob - Cubic continues to be one of Wave's eight strategic partners, tho' not much heard since the 03 partnership push!
http://www.cubic.com/corp1/news/pr/2003/Cubic_Wave_partner_7-29final.html
Rapid Adoption of EHRs and RHIOs (still trundling onward)
http://health-information.advanceweb.com/common/editorial/editorial.aspx?CC=92207
By Deborah Pappas
As new government funding is directed toward advancing HIT initiatives, there has been steady progress with the adoption of EHRs, while increasing numbers of regional health information organizations (RHIOs) are being organized across the United States. In fact, the market for EHRs in the United States is poised to grow at a rate of 13.5 percent over the next 4 years, and by 2015 it will top $4.85 billion, according to a study from Kalorama Information. However, while the associated cost and treatment benefits are fairly well documented, security and patient privacy implications continue to be of concern, and are considered by some to be holding back more dramatic growth.
Findings from the 18th Annual HIMSS Leadership Survey, published April 10, 2007, revealed that health care IT professionals identified an internal breach of security as their primary concern regarding the security of data at their organization. This, coupled with the reported HIMSS member adoption of RHIOs and EHRs (with 23 percent of respondents reporting that their organization participates in a RHIO; 69 percent of respondents indicating that their organization either has a fully operational EHR system in place or is currently installing one) underscores the importance of health care organizations looking to identity management technology to automate processes involved with the granting and controlling of access to critical systems and protected health information (PHI).
Balancing Control, Compliance and Care
With the recent move by the Health and Human Services (HHS) Office of Inspector General (OIG) to initiate a HIPAA security compliance audit with a southeastern U.S. hospital, security and privacy concerns associated with clinical applications and patient data have been reignited, putting further pressure on EHR and RHIO models. As a result, health care providers are increasingly looking to demonstrate compliance with their corporate policies governing IT access without disrupting clinical workflow. By applying the same automated policy enforcement principles to both internal users/staff and external users such as patients, affiliated physicians, researchers and partners, care delivery organizations can add both preventive (ensuring strong application of security policies during the initial granting of user access) and detective controls (certifying user access over the user lifecycle and attesting to any variances from policy) to their access management process.
With increasing reliance on independent, remote and contract workers, managing and controlling physician and workforce access to clinical and patient information remains a significant challenge for health care organizations – further complicated as more providers adopt EHRs and move toward RHIO scenarios. The critical need to manage “identities” and access across organizations has had a direct impact on compliance, security and audit concerns. Health care providers must answer serious questions about how remote or non-employee access to information in EHRs is being monitored and controlled. Similarly, in collaborative RHIO situations, who controls access to patient information? Is it provided immediately to ensure proper patient care? And is it done so in compliance with HIPAA regulations regarding patient privacy and minimum necessary access?
Well spotted mundo! - with a 12pm Times Square b/cast from our very own Michael Dell - this has to be the silence breaker we've been looking for IMO.
Thanks Guys! - had a funny moment there for a minute.
;?) eom
This may have already been posted - but I'm not too sure I like the look of this?
From Secude Newsletter 06/13/07
FinallySecure: A major milestone in Full Disk Encryption
SECUDE is approaching a major milestone in Full Disk Encryption with the launch of FinallySecure for Seagate Momentus FDE.2 drives. The launch will establish SECUDE as a market leader and give us a truly unique selling proposition in that we are the only company to offer both hardware and software based FDE.
Our value proposition with the new product FinallySecure is to offer our customers Risk Management, Productivity, and Adaptability within a completely transparent security umbrella. Risk management means security from fraud, compliance, theft, and sabotage. Productivity means invisible security which protects the user without interfering or being cumbersome. Adaptability means supporting corporate growth within a heterogeneous IT ecosystem.
These values stand at the core of SECUDE. We are pleased to be able to offer these values in our new FinallySecure product line which will incorporate Secure Notebook and integrate into our upcoming Secure Management Console this year.
go-kitesurf - Many thanks to you and others, for your SHM observations and candid comments of this time. eom
Intel, Asus Announce $199 'Eee PC'
06.05.07
By Mark Hachman
Bug: Computex Taipei 2007
TAIPEI — Asus and Intel have teamed up to develop a $199 notebook PC, the companies announced here on Tuesday.
In a keynote address given by Sean Maloney, an executive vice president at Intel and chief marketing and sales officer, Jonney Shih, chairman and chief executive of Asus, was invited on stage to unveil the "Eee PC," an inexpensive laptop designed to help spread computing to poorer regions.
Two models were demonstrated: a $199 and $299 model. They represent part of what Intel is now calling its "World Ahead," market initiative, giving virtually anyone around the world a chance to own a PC. Rival AMD has had its own initiative, more dedicated to seeking partners in impoverished companies to provide low-cost computers, which it calls its "50x15" plan.
A shipping date was not announced for the new device. The Eee PC will apparently connect to the Internet, as it will allow users to make VOIP calls, Asus' Shih said.
"It will give them [people] the chance to access the Internet and share in the 21st century opportunity," Maloney added.
Details of the new Eee PC were scarce; given that Shih introduced the Eee PC during Maloney's keynote, it was assumed that the design would contain an Intel processor and chipset. In a demonstration on stage, a working model of the Eee PC booted in about fifteen seconds to what was clearly not a Microsoft OS. It weighs about 900 grams, Shih said.
"This is the world's lowest cost and easiest PC," Shih said, holding the small white conventional notebook aloft. The name, he said, represented a three-fold repetition of the word "easy": "easy to learn, easy to play, easy to work," he said, noting that the name also conjured up the Nintendo Wii game console, which novices can pick up and play in a matter of minutes, he said.
While small, light notebooks are nothing new, the Eee PC represents a new segment for the market: an ultra-low-cost laptop that will apparently be sold as is, and not subsidized by a service provider to lower the cost.
"We really hope, you know, that in the whole world far more people are looking for a low-cost and very easy PC," Shih said, noting that a cheap PC designed for households with senior citizens or young children could "really expand the market", and perhaps expand it by another billion dollars, he said.
"They don't necessarily replace higher-end products, at multiple price points," Maloney said, addressing the question of whether the new PCs would cannibalize existing products.
Hold on tight folks!
Symbol Last Trade Change Bid Ask Volume Related Info
WAVX 9:34AM ET 2.15 0.3500 13.39% 2.1100 2.1500
ootommy - Negroponte says Intel should be "ashamed of itself"
By INQUIRER staff: Monday 21 May 2007, 07:34
THE MAN WHO wants every child in the world to have a cheap laptop with an AMD chip in it has accused microprocessor Intel of being "shameless" by attacking the One Laptop thrust.
Intel has "hurt the" One Laptop per Child initiative enormously by targeting its machine. In a CBS interview, he claimed the government of Nigeria had given him an Intel document showing the shortcomings of Negroponte's machine compared to its own Classmate device.
He is furious that Intel's CEO Craig Barrett called the One Laptop a gadget. The Negroponte initiative is caught in the middle of a vicious fight between AMD and Intel, he said.
We've tracked Intel and AMD for many years now, and think it's fair to say that while many members of staff and executives we've met are thinking, feeling human beings, the corporations themselves are entirely without conscience, remorse, and completely incapable of blushing, bursting into tears, or falling in love.
The dollar is a merciless god. µ
L'INQ
CBS News
Darth! - WAVX 9:48AM ET 2.68 0.0499 1.90% 2.6600 2.6800 5,601
Microsoft admits Vista failure
The Inquirer:
Actions speak louder than PR
By Charlie Demerjian in Beijing: Saturday 21 April 2007, 12:20
WITH TWO OVERLAPPING events, Microsoft admitted what we have been saying all along, Vista, aka Windows Me Two (Me II), is a joke that no one wants.
It did two unprecedented things this week that frankly stunned us.
Dell announced that it would be offering XP again on home PCs. The second that Vista came out, Microsoft makes it very hard for you to sell anything other than Me II. It can't do this on the business side because it would be laughed out the door, but for the walking sheep class, well, you take what you are shovelled.
This is classic abusive monopoly behaviour, Microsoft wrote the modern book on it. It pulled all the major OEMs in by twisting their arms with the usual methods, and they again all fell into line. Never before has anyone backpedalled on this, to do so would earn you the wrath of Microsoft.
But Dell just did. This means that Me II sales are at least as bad as we think, the software and driver situation is just as miserable, and Dell had no choice but to buck the trend. If anyone thinks this is an act of atonement for foisting such a steaming pile on us, think again, it doesn't care about the consumer.
What happened is, the OEMs revolted in the background and forced Microsoft's hand. This is a big neon sign above Me II saying 'FAILURE'. Blink blink blink. OK, Me II won't fail, Microsoft has OEMs whipped and threatened into a corner, it will sell, but you can almost hear the defectors marching toward Linux. This is a watershed.
The other equally monumental Me II failure? Gates in China launching a $3 version of bundled XP. Why is this not altruism? Well, it goes back to piracy and how it helped enforce the MS monopoly. If you can easily pirate Windows, Linux has no price advantage, they both cost zero.
With Me II, Microsoft made it very hard to pirate. It is do-able, you can use the BIOS hack and probably a host of others, but the point is, it raised the bar enough so lots of people have to buy it. Want to bet that in a country with $100 average monthly salary, people aren't going to shell out $299 for Me II Broken Edition?
What did MS do? It dropped the price about 100x or so. I can't say this is unprecedented, when it made Office 2003 hard to pirate it had to backpedal with the student edition for about $150. This time though, things are much more desperate.
If you fit Microsoft's somewhat convoluted definition of poor, it still wants to lock you in, you might get rich enough to afford the full-priced stuff someday. It is at a dangerous crossroads, if its software bumps up the price of a computer by 100 per cent, people might look to alternatives.
That means no Me II DRM infection lock in, no mass migration to the newer Office obfuscated and patented file formats, and worse yet, people might utter the W word. Yes, you guessed it, 'why'. People might ask why it is sticking with the MS lock in, and at that point, it is in deep trouble.
So, it did the unthinkable, and dropped the price. I won't bother to hunt down all the exec quotes saying how people who can't afford clean water would be overjoyed to sell kidneys to upgrade to the new version of Office, but they are out there. This was a sacred cow, and it is now hamburger backed up against the wall.
These two actions by Microsoft are proof of what I suggested three years ago. Microsoft has lost its ability to twist arms, and now it is going to die. It can't compete on level ground, so is left with backpedalling and discounts of almost 100 times.
What we are seeing is an unprecedented shift of power. It is also an unprecedented admission of failure. And the funniest part about the moves made? They are the wrong things to do. Microsoft is in deep trouble. µ
wavxmaster! - WOW we have contact, hey guys this new TVTonic works like a dream, very user friendly - masses of help screens - a must try - now certainly Wave Systems icing on the cake. eom
This might be a quiet movement up towards the tipping point? eom
Good point! - GreenWavx I think you're right - the sequences are becoming more meaningful, seemingly with a definite end in sight. eom
Elan & slate! - e/mail from WXP help circa about 6 months ago.
Cory Knysh
TVTonic Support
support@tvtonic.com
Hi.
Cory from our Support department told me that you are having trouble getting
TVTonic working. I apologize for taking a while to get back to you.
I've taken a look at your email exchange and can't quite figure out what's
going on with your installation.
I see you use an F-Secure firewall. I'm not familiar with that firewall. It's
possible that the firewall software disables some "threatening" programs. Have
you taken a look at our Knowledgebase article on this?
http://www.tvtonic.com/forum/kb.php?mode=article&k=15
I'm almost positive that's not your problem but it's worth taking a peek at.
For the newer problem "Line 1: Incorrect syntax near \',\'. "... we updated
our software interface just last week. Downloading and installing TVTonic
again may have fixed that problem... though I can't promise it.
You might also try running Windows Update, including the Optional updates.
It sounds crazy but most computers install TVTonic with no trouble. Others
have all manner of problems. We are working on those parts.
We'll have a new version out in about a month or so, version 3.1. You may want
to try and install that version. Though running the Windows Updates might do
it for you.
Thanks
Lee Sonko
TVTonic Support
support@tvtonic.com
SlateColt! - To be fair to tvt they've done their best to help, I don't think this is a general problem - I think it's just me with a few screws loose - that is in the 'puter. Lol eom
Yeaiknow! Thanks for that. eom
Well done to barge! TV Tonic’s one man advertising machine lol (and keep it going pal).
Must say that whenever this gob-smacking viewing medium (an equal of which to my mind there really is none at present) is allowed (some way or another) to present itself, in a packaged retail easy sell way to our joe public, then it will have finally arrived.
But..
Here in the UK which is techwise a few light years behind the US, I would dearly love to demonstrate some tangible demo of Wave's outstanding brill’
(Again perhaps to some of my unsuspecting evening guests who by now have usually gone into the wavx glazed over mode?)
Embarrassingly with apparently perhaps a glitch in my pc’s Grrrrr I can’t download TVT at present, (maybe because it’s in the UK) but I’m sure (as in the past) this can be overcome!
Wave Express is one of the brightest things around – All I know is that - it’s been for too long under wraps. eom
OT bake56! - Always a shock to the system to find even as a wave long you aren't infallible.
My wife who is a practising physician had this comment - You can't really move forward until your surgeon has obtained some specimen histology, and if localised as it seems, and from your description made it would appear quite hopeful of a satisfactory outcome, given the medical advancements in this present day.
Bake! - Hope this may help out some here, specially as we need all the guys around for Vegas. ;?)
Boom
Thanks for the TVT update wavxmaster, will give it another whirl. eom
With the Classmate PC find! and if trusts rumour did have any credence, there's no doubt in my mind that it would be a hugely significant mover for Wave and t/computers. eom
Elan Vital! - Sad to say that for the past year +, I haven't been able to reload TVT either (and that's trying with two new pc's)- I have talked to TVT tech staff who are also baffled, it seems to me to have gone awry worryingly, after the last windows media player inclusion, guess I'll just wait till after my Vista upgrading whenever! - pity cus' it's a brilliant piece of tech' eom
Mig - good point! - but this CC will have more in depth onlookers this time methinks!
;?) eom
Thanks gugi looks right on the money! - translated-ish
CeBIT news: Managing directors recover control of company notebooks!
For the first time with comprehensive safety system recover control of Notebooks Frankfurt (pts/09.03.2007/13:30) - Notebooks represent large safety risk for enterprises and authorities today still another.
Extensive volume of data is not only insufficiently protected at all or. They mean, with it must compensate itself one? Seagate Technology, Tarox, Wave Systems and ICT Economic Impact point you on Thursday, 15 March 2007 the innovative complete solution to the Notebooksicherheit.
First presentation on the CeBIT 07: Seagate, Tarox, Wave and ICT load to the Hospitality a Suite on Thursday, 15 March 2007 from 12.00 to 17,00 o'clock in the area Dresden, Convention center, ground floor.
The four enterprises present the complete solution: Innovation in hardware security makes the systems for applications in enterprises and authorities surely, fast and more economical than past technologies.
The new Notebook series of Tarox "Corporate Secure edition" uses Wave System's Embassy trust Suite and Seagate's Momentus 5,400 FDE.2 non removable disks, with which not software, but hardware takes over the safety kernel functions. An important step into the future of IT security for enterprises.
To each full hour a 10-minute presentation is held. The devices can be taken in inspection and be led with the management and specialists individual discussions:
Joni Clark, Product marketing manager for the Seagate Technology Notebook STORAGE LINE. InterNet: http://www.seagate.com
Steven Sprague, CEO Wave of system Corp.; Nasdaq: WAVX. InterNet: http://www.wave.com/
Bruno Leconte, Vice President EMEA Wave of system Corp.
Uwe Huefner, leader product management Tarox. InterNet: http://www.tarox.de
Alexander W. Koehler, CEO ICT Economic Impact Ltd. InterNet: http://www.ict economic impact.com
Please you let us with interest first know, so that we can reserve a date for you and put a surprise back for you. If you liked yourselves to ease from the strains of the CeBIT, you can use the Hospitality Suite for a free Wellness Massage.
Tel.: 06101 655573 fax: 06101 655574 email: info@ict economic impact.com InterNet: http://www.ict economic impact.com
(end)
Sender: pts - presseinformation (D) partner: Alexander W. Koehler email: alexander.koehler@ict economic impact.com Tel. +49 (6101) 655573
WAVX 9:30AM ET 2.59 Up 0.17 Up 7.24% 2.52 9,899
Gotta be a shoo-in for Wave here!
Drives you nuts! - Thought we'd had an FBI demo?
Department of Justice report: FBI unable to properly track 51 lost laptops
http://www.scmagazine.com/uk/news/article/632384/department-justice-report-fbi-unable-properly-track....
Auditors from the U.S. Department of Justice (DOJ) reported this week that during a 44-month period ending in September 2005, the FBI lost 61 laptops containing either sensitive information or information the FBI was unable to confirm as sensitive.
The findings were part of a recently published report penned by the Office of the Inspector General (OIG) on lost and stolen weapons and laptops. During the three-and-a-half year period examined by OIG auditors, the FBI lost or had stolen 160 laptops.
Of those, 10 contained sensitive or classified information that included case details, personal identifying information or classified information on FBI operations. One laptop, which was reported as stolen, contained software used to make FBI identification badges. Though three of these 10 machines were encrypted, the FBI could not confirm whether the rest had cryptographic solutions installed.
Most disconcerting to OIG auditors, however, were the 51 laptops that had information that the FBI was unable to quantify or categorize.
“This is a significant deficiency. Some of these laptops may have contained classified or sensitive information, such as personally identifiable information or investigative case files,” the OIG report read. “Without knowing the contents of these lost and stolen laptop computers, it is impossible for the FBI to know the extent of the damage these losses might have had on its operations or on national security.”
Among these laptops, six were assigned to the bureau's Counterintelligence Division and one was assigned to the Counterterrorism Division.
“Yet, the FBI did not know the contents of these computers or whether they contained sensitive or classified information,” the OIG reported.
Most IT security professionals agree that laptop loss and theft is unavoidable in any organization.
“Computer loss is a fact of life,” said John Livingston, CEO of Absolute Software. “This is a really hard problem to solve, because you’re dealing with thousands of different notebook computers and knowing what’s on each individual computer is a challenge for any IT department. So what we suggest is having an encryption solution (and) having a tracking and recovery solution so that if you do get into trouble you can do something after the fact.”
In the case of the FBI, IT professionals within that organization manage more than 26,000 laptops at any given time. Most security professionals from government agencies and beyond would agree with Livingston about the difficulties faced in tracking information assets on these machines, said Tom Bennett of Oakley Networks.
“We just had a customer roundtable and we had eight of the top (federal) agency security heads in on this discussion, and this is one of the issues that came up several times,” Bennett said.
He explained that IT security practitioners in government and private organizations must find ways to better track the information contained within lost or stolen devices.
“I really think that the proof is in the pudding. I think companies have to find some sort of mechanism to do one of two things,” he said. “Either establish that no data manipulation has taken place since the laptop was lost — even if it was encrypted — or have some way of ensuring that certain types of activities indicative of somebody trying to break into the data would result in an automatic destruct.”
The findings published this week by OIG were based on a similar study conducted in 2002. In response to the publication of audit findings, the FBI was quick to point out improvements made since the initial survey of missing laptops.
“It is notable that the inspector general has concluded the FBI has made significant progress in decreasing the rate of loss for laptops,” FBI Assistant Director John Miller said on Monday. “The OIG determined that when compared with figures from 2002, there has been a 312-percent reduction in the loss or theft of laptop computers.”
The main thrust of OIG findings was that even though overall theft and loss has reduced, the FBI is still sorely lacking in timely reporting of missing laptops and their contents. In addition to failures in categorizing data in 30 percent of missing laptops, the FBI also fell short when it came to reporting laptop loss to the appropriate interagency organizations.
For example, the security team at DOJ Computer Emergency Response Team (DOJCERT) considers any unexpected, unplanned event that could have a negative impact on IT resources as an “incident,” making most — if not all — of the 160 incidents reportable. But the FBI only submitted one incident report to DOJCERT regarding missing laptops during the entire period audited by the OIG.
FBI officials acknowledged the weaknesses in its current processes and vowed to right the ship.
“While the Inspector General acknowledged that the loss of certain resources is inevitable in an organization the size of the FBI, we nevertheless stand committed to increasing institutional and personal accountability to further increase the progress we have made in minimizing the loss of firearms and information technology components,” Miller said. “We appreciate the work done by the OIG and agree with the majority of their recommendations. We have or will be implementing those recommendations.”