Napolitano: Cyber threat 'right in front of us'
By William Jackson
Mar 23, 2012
Cybersecurity is a top priority in the Homeland Security Department’s fiscal 2013 budget request, and spending for it would get a 74 percent boost while overall department funding would remain flat in the coming year.
“The cybersecurity threat, in my wheelhouse, is right in front of us,” DHS Secretary Janet Napolitano told the Senate Homeland Security and Governmental Affairs Committee on March 21.
There was disagreement among the senators on what the role of DHS should be in protecting the nation’s critical infrastructure, however. Committee Chairman Sen. Joseph Lieberman (I-Conn.), who called cybersecurity “the most significant vulnerability we have in homeland security today,” has introduced a bill that would give the department oversight over the security of designated critical infrastructure. The panel's ranking Republican, Sen. Susan Collins of Maine, is a co-sponsor of the bill.
But Republican Sen. Ron Johnson of Wisconsin was skeptical of the cost and need for federal regulation of privately owned networks. He supports an alternative bill that focuses only on enabling better information sharing between the public and private sectors.
Napolitano said the two issues are not mutually exclusive. “We need the information sharing, and it needs to be real time,” she said. But she added that “it makes common sense” for DHS to be in charge of ensuring that critical infrastructure maintains a basic level of security and predicted possibly disastrous consequences within 18 months if steps are not taken soon to improve security.
“We will have suffered a major infiltration or attack and we will find some part of our critical infrastructure with a gap,” because the industry was not doing enough to protect itself on its own, she said. “What we know now is already enough to go ahead, and we should be moving forward.”
The department’s budget request for next year calls for $39.5 billion in discretionary spending, basically the same as the current year. But the budget would shift more than $850 million from administrative spending to mission support for core, front-line operational priorities. Cybersecurity, which is identified as one of the department’s five core missions, would be a major beneficiary of the shift, increasing that portion of the budget by $325.8 million to a total of about $770 million.
The money would go toward speeding the deployment of Einstein 3, the federal network monitoring system for intrusion detection and prevention, and boost the budgets for the U.S. Computer Emergency Readiness Team, which provides information sharing and incident response for intrusions in government and private-sector networks.
Priorities include:
- $236 million for federal network security: to help executive branch civilian departments and agencies improve their cybersecurity posture under the Federal Information Security Management Act, and to improve continuous monitoring of network activity and other capabilities for addressing evolving cyber threats.
- $345 million for the National Cybersecurity Protection System: this includes Einstein, an integrated intrusion detection, analytics, information-sharing and intrusion prevention system. The program will continue to focus on intrusion prevention in 2013 while improving situational awareness of evolving cyber threats through a Managed Security Services (MSS) solution. Under the MSS solution, each Internet service provider will use its own intrusion prevention services, which must conform to DHS-approved security, assurance and communication requirements.
- $93 million for US-CERT operations: the operational arm of the National Cyber Security Division, US-CERT leads and coordinates efforts to improve cybersecurity posture, promote cyber information sharing and manage cyber risks. It provides customer support and incident response, including 24-hour support in the National Cybersecurity and Communications Integration Center. As NCPS covers more federal network traffic, additional US-CERT analysts are required to ensure that cyber threats are detected and the federal response is effective.
- $12.9 million to increase the cybersecurity workforce: to provide high-quality, cost-effective virtual cybersecurity education and training, developing a workforce able to protect against and respond to national cybersecurity threats and hazards.
- $64.5 million for cybersecurity research and development: focused on strengthening the nation's cybersecurity capabilities.
Other elements include funding for a multistate information-sharing and analysis center, and support for cyber investigations conducted through the Secret Service and Immigration and Customs Enforcement.
ICE provides computer forensics support for investigations of domestic and international criminal activities, including benefits fraud, arms and strategic technology, money laundering, counterfeit pharmaceuticals, child pornography, and human trafficking involving the Internet.
The Secret Service’s Financial Crimes Task Forces focuses on the prevention of cyberattacks against U.S. financial payment systems and other critical infrastructure.
http://gcn.com/Articles/2012/03/23/DHS-2013-budget-cyber-threat-senate-hearing.aspx?Page=1
Microsoft Unveils Its Next-Generation OS, Windows 8
By Jenna Wortham | New York Times
BARCELONA -- On Wednesday, Microsoft showed off the newest version of the company's operating system, called Windows 8.
Windows 8 is the biggest re-design of the company's software since Windows 95, said Steve Sinofsky, the president of Windows, who introduced the new operating system at a swanky, poolside event during the Mobile World Congress--waiters handed guests glasses of champagne and small tapas and snacks were served.
"Windows 8 is a generational change in the Windows operating system in the design, functionality and implementation," said Mr. Sinofsky.
Microsoft has planned two versions of its Windows 8 software. One is designed around a touch interface and will be available on Microsoft tablets; the other is for PCs and is designed to work with a mouse and keyboard. Both share the same aesthetic and navigation.
Mr. Sinofsky said that company worked to make sure that people who were switching between using Windows on a smartphone, tablet and laptop would not be confronted with any break in their use of the software as they cycled between mobile devices.
"There are too many hard stops between tablets and devices and smartphones," he said. "This makes them much more harmonious and seamless."
Julie Larson-Green, the head of design for Windows 8, demonstrated the new software on a specially designed Samsung tablet and said that the company aimed for interactions with the software to be "fast and fluid." The new interface, which looks similar to the software used by Microsoft's new line of Windows Phone smartphones, takes some cues from the app-centric home screens popularized by Apple and Google. It revolves around animated tiles, a design called Metro.
After users sign into their Microsoft account, the software populates the tiles on their home screen with information from accounts around the Web, including Facebook, Twitter and Skydrive, Microsoft's cloud-based storage system. Ms. Larson-Green said that several applications would also come installed on the Windows 8 software, including Xbox Live, Internet Explorer and a custom-built video and music player that lets users purchase and stream albums and movies. For Windows users who prefer the familiar, drag-and-drop desktop-oriented layout of the operating system, there is also a desktop application that whisks away the tiles to reveal the original Windows interface.
Although Microsoft demonstrated an earlier version of the Windows 8 software last fall, Mr. Sinofsky said that company has made more than 100,000 changes to the code, based on feedback from developers and designers who played around with the early version. The preview is now available for download although Microsoft executives did not provide details about when the software would officially go on sale. During the preview, however, users will be able to download applications from a Windows Store, although the only applications available will be free applications. The company will add a buying mechanism, most likely before the final version of the software is released.
"It's the only operating system that lets you switch between devices," said Mr. Sinofsky. "So you can truly pick the form factor that you want to use without compromising."
http://finance.yahoo.com/news/microsoft-unveils-next-generation-os-153006770.html
HP unveils two new thin clients
HP t610 and t510 to offer improved security and performance
The HP t610 and t510 thin clients are intended to offer higher performance in a thin client form factor.
By Mark Sutton Published February 26, 2012
HP has released details of two new additions to its thin client line up.
The HP t610 and HP t510 Flexible Series Thin Client are intended to offer the flexibility of thin clients, with added features for security and performance.
The HP t610 runs a BIOS (Basic Input/Output System) that HP says complies with the security recommendations of the National Institute of Standards and Technology (NIST), which the company presents as a hardened foundation for sensitive computing environments and a second layer of protection for company data.
The thin client also includes an on-board Trusted Platform Module, an integrated cryptographic chip built to Trusted Computing Group specifications. A TPM does not control network access by itself: it stores keys and boot measurements that a network access control system can check so that only authorized, known-good devices are admitted to the network.
The thin client runs on a dual-core AMD G-series Fusion processor, running at 1.65GHz, with high definition graphics, and HP active thermal management, to ensure the device does not shut down from over-heating.
The HP t610 comes with two chassis configurations - Standard and PLUS, which offers additional legacy ports, quad-head display graphics capabilities and connectivity options supporting fibre network interface cards and 802.11 a/b/g/n wireless support with dual antenna for enhanced connectivity.
The t610 will be available with a range of operating systems, including Microsoft Windows Embedded Standard 7, Windows Embedded Standard 2009 and HP ThinPro thin-client enhanced Linux.
The HP t510 runs on a VIA Eden X2 U4200 1GHz dual-core CPU, with VIA ChromotionHD 2.0 graphics that enable hardware acceleration of streaming multimedia for better Web browsing and remote-session multimedia experiences.
Both the HP t510 and HP t610 offer a true, PC-like experience for virtualized desktop environments. The two platforms double the minimum amount of RAM that ships on HP thin clients from 1GB to 2GB.
"With these new, flexible thin clients, businesses can protect their data more effectively, and they get an exceptional user experience with better graphics and video performance, to meet the demands of segments such as financial, healthcare, public sector, retail and healthcare," said Kobi Elbaz, director, Commercial Solutions, HP Personal Systems Group EMEA. "We also made sure the t610 and t510 are easy to integrate and manage with a broad set of management tools."
http://www.itp.net/588067-hp-unveils-two-new-thin-clients
Key drives a security risk? Not when they're made like this.
By John Breeden II
Feb 13, 2012
A rugged-gear plan for your agency is like a power-protection plan or a security plan: you need to make sure that every aspect is covered. And given that most of us have home bases in areas that do not require rugged gear, the focus is probably going to be on moving data from place to place.
One of the best ways to do this, if you don’t need a full notebook, is a key drive. Once the scourge of security plans, the humble key drive has grown up a lot lately, to the point where it can become the preferred method of rugged data transfer. The CE-Secure Vault from CMS Products fits this role nicely. Based on our testing, it can keep your data safe from both the elements and hackers.
On the surface, the CE-Secure Vault we tested looks like a normal 16G key drive, though the frame is actually made of rugged aluminum. Higher and lower capacities are also available, though the physical size of the device is the same. The drive will work with Windows 7 and XP, Mac OS X 10.5 and 10.6, and 32- or 64-bit systems, so pretty much anywhere.
--------------------------------------------------------------------------------
CMS Products CE-Secure Vault
Performance: B
Features: A
Ease of Use: A
Value: B
Price: $109 for 4G, $149 for 8G, $269 for 16G, $449 for 32G unit
Pros: Very rugged; encrypted AES 256.
Cons: Slow to write to the drive due to encryption.
Related coverage: At last a key drive the government can love
--------------------------------------------------------------------------------
When you first put the Vault into a computer, you are prompted to set up the security password. It must be at least eight characters long and contain at least one capital letter, one lowercase letter and one digit or other non-letter character. In addition to the password, you can set up a hint in case you forget it. We were not allowed to make the hint the actual password, so users can't shoot themselves in the foot right off the bat.
We tested for ruggedness but started with security. Everything that goes onto the drive is automatically encrypted with AES-256. If you don't first enter the password, you won't be able to see anything that is on the drive, other than the program that launches the password application, which opens automatically when the drive is inserted but can be triggered manually as well.
Precautions have been taken to make the password interface more secure, which has traditionally been a weak point for key drives. For one, if the wrong password is entered 20 times, the drive disconnects from the host system to halt brute-force, dictionary-type attacks. Note that a disconnect only limits guesses made through the drive's own interface; whether it also protects against an attacker who images the flash and guesses offline depends on how the drive derives and stores its encryption key, which the vendor does not detail. Also, if a drive is left in a machine too long, it will disconnect, which means a user has to re-enter the password to keep working.
If you are using the drive the whole time, this won’t happen, but it can time out so you don’t leave unsecured data on the drive in a machine with bypassed security while heading off to lunch. And, of course, if you pull the drive and reinsert it, you will have to enter the password once again.
Finally, the Vault is configured so it leaves no footprints on a host computer. So although it’s not recommended, in a pinch you could use a public terminal to access the drive and not have to worry quite so much about it being a security breach.
A slight disappointment
The one slight disappointment we had with the Vault in terms of raw performance was with transfer times. Pulling data from the drive takes almost no time at all. However, because of the encryption process, it takes a long time to write data to the Vault.
Our 2G test file could be pulled from the Vault in 17 seconds, which is right on the mark in terms of what we would expect to find in any key drive using a USB 2.0 port. However, writing that same file to the drive took much longer. In fact, it took three minutes, 18 seconds. Once the data is there, you can access it normally. We even streamed a movie off the drive with no problems. But getting data to it initially takes time.
The Vault easily met the MIL-STD-810F level for ruggedness. It dropped from heights up to 48 inches with no damage whatsoever and all data remaining secure. The one slight cosmetic problem it faced was that the CMS faceplate, which is apparently held on only by a very thin strip of glue, popped off in a three-foot drop. No big deal, but CMS might want to invest in an extra dab of glue.
It goes beyond mil-spec in terms of waterproofing. We sunk it into a fish tank full of water and left it there for four hours. After a quick toweling off, we inserted it into a computer where it asked us for the password like nothing happened. And all the data was intact. It also had little problem with temperature, spending the night in an environment where it was a few degrees above freezing and a couple hours in the GCN Rainforest Test Environment where it got up to 120 degrees Fahrenheit, with very high humidity. The data never suffered, and the drive itself didn’t even get scratched.
The one thing it didn’t do, which we have seen other drives tout as a feature, is erase data if the password isn’t entered after a certain number of tries. Although the Vault will disconnect from a computer to halt a brute-force attack, the data itself remains in place. But it really comes down to the level of security you want or need. Probably just as many people have lost all their data due to a misplaced password as have been saved by a feature like that.
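The following is an added example, not CMS Products' firmware or anything the review shows. It models the unlock controls described above (password policy, a hint that may not equal the password, a disconnect after 20 wrong guesses, an idle timeout) and adds the erase-on-lockout option the review says the Vault lacks, so the two designs can be compared side by side. The key derivation (PBKDF2-HMAC-SHA256), the 10-minute idle interval and the decision to keep the failure counter across reinsertion are assumptions; the review gives none of these details.

```python
"""Model of a password-gated encrypted key drive's unlock logic.
Added example; not CMS Products' code. Assumptions are marked below."""
import hashlib
import hmac
import os
import re
import time

MAX_FAILURES = 20          # the limit the review reports
IDLE_TIMEOUT_S = 600       # assumption: the review gives no interval
PBKDF2_ROUNDS = 100_000    # assumption: slows offline guessing if the flash is imaged


def password_meets_policy(pw: str) -> bool:
    """At least 8 characters with one upper, one lower and one non-letter."""
    return bool(
        len(pw) >= 8
        and re.search(r"[A-Z]", pw)
        and re.search(r"[a-z]", pw)
        and re.search(r"[^A-Za-z]", pw)
    )


class VaultUnlock:
    def __init__(self, password, hint, wipe_on_lockout=False, clock=time.monotonic):
        if not password_meets_policy(password):
            raise ValueError("password does not meet policy")
        if hint.strip().casefold() == password.casefold():
            raise ValueError("hint may not be the password")
        self.clock = clock
        self.hint = hint
        self.wipe_on_lockout = wipe_on_lockout
        self.salt = os.urandom(16)
        self.verifier = self._derive(password)   # the password itself is never stored
        self.failures = 0
        self.connected = True
        self.unlocked = False
        self.wiped = False
        self.last_activity = 0.0

    def _derive(self, pw: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), self.salt, PBKDF2_ROUNDS)

    def try_password(self, pw: str) -> bool:
        if self.wiped:
            raise RuntimeError("data erased after too many failures")
        if not self.connected:
            raise RuntimeError("drive disconnected; reinsert it to try again")
        if hmac.compare_digest(self._derive(pw), self.verifier):
            self.failures = 0
            self.unlocked = True
            self.last_activity = self.clock()
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.connected = False        # what the review says the Vault does
            self.unlocked = False
            if self.wipe_on_lockout:      # what the review says it does not do
                self.wiped = True
                self.verifier = b""
        return False

    def access_data(self) -> None:
        """Each access refreshes the idle timer; silence beyond the timeout
        relocks the drive so it cannot be left open while the user is away."""
        if not self.unlocked:
            raise RuntimeError("enter the password first")
        if self.clock() - self.last_activity > IDLE_TIMEOUT_S:
            self.unlocked = False
            raise RuntimeError("idle timeout; re-enter the password")
        self.last_activity = self.clock()

    def reinsert(self) -> None:
        """Pulling and reinserting relocks the drive. The failure counter is
        deliberately kept (assumption): resetting it on reinsertion would turn
        the 20-try limit into no limit at all."""
        self.connected = True
        self.unlocked = False
```

The `wipe_on_lockout` flag is the trade-off the paragraph above describes: with it off, a lockout costs the legitimate user only a reinsertion; with it on, 20 bad guesses (including a forgetful owner's) destroy the only copy of the key.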
With strong encryption, smart protection of the password interface, and solid fortification against the elements, the CE-Secure Vault is a great choice for keeping your secrets safe as well as dry. It’s a vault that fits nicely in your pocket.
CMS Products, www.cmsproducts.com
http://gcn.com/Articles/2012/02/06/CE-Secure-Vault-for-rugged-data-transfer.aspx?Page=1
G&D to Supply Turnkey TSM Solution for Commercial Mobile Payment Rollout in Australia
Munich, February 13, 2012.
Australia’s largest bank, the Commonwealth Bank of Australia, is adding multiple mobile phone-based payment options to its range of mobile banking services. Giesecke & Devrient (G&D) is providing the technology to allow secure contactless payments using mobile phones featuring Near Field Communication (NFC). The most important of the components to be provided is G&D’s turnkey Trusted Service Manager (TSM) solution. In its role as Trusted Service Manager, the technology provider will be taking responsibility via the mobile network for services including the personalization of the payment function as well as management of the payment application over its entire lifecycle.
In the first phase, Commonwealth Bank is giving iPhone 4 and 4S owners the opportunity to transfer their MasterCard® PayPass™ details onto their smartphone. Since the iPhone does not currently feature an NFC chip for contactless payment, a special cover with a Secure Element has been developed for iPhones to enable NFC data transfer. The iPhone cover, which can be ordered through Commonwealth Bank, is hooked up to the iPhone data interface and automatically communicates with the “Commbank Kaching” app installed on the iPhone. In the next phase, this set of mobile payment functions will also be made available to Android users.
Over the last few years, Commonwealth Bank has pioneered the deployment of contactless technology in Australia. It has supplied the bulk of its customers with contactless dual interface cards which are accepted for making payments at over 42,000 locations in Australia. This fact will help ensure a speedy launch and acceptance of NFC-based mobile payment functions. The NFC payment application needs to be activated by the user and the NFC capability remains active for 60 seconds thereafter. As with the current dual interface cards, amounts below 100 dollars do not require users to enter a PIN at the point of sale.
“Our Trusted Service Management solutions allow our customers to implement robust and reliable mobile phone payment systems simply and securely via the mobile network,” says Michael Kuemmerle, member of the Management Board and Group Executive of Mobile Security at G&D. As a longstanding partner to banks and mobile network operators, G&D supplies turnkey TSM solutions and takes responsibility for managing the payment function provided over its entire lifecycle. “Our highly secure and certified TSM centers in various regions are an important building block in the NFC ecosystem that will help to speed up the spread of mobile payment systems,” Michael Kuemmerle continues.
Via its local subsidiary G&D Australasia, G&D already supplies cards and personalization services to Commonwealth Bank. David Lindberg, Executive General Manager Cards, Payments & Retail Strategy, Commonwealth Bank, says that the bank’s decision to continue to use G&D for products and personalization was an easy one, given the quality of service and the cutting-edge technology that G&D is already providing. The exemplary project execution and delivery has confirmed this.
Giesecke & Devrient (G&D) : 13/02/2012
http://www.smartcardstrends.com/det_atc.php?idu=15964&main=0d56744d0693828e92007434a5958ebe
Sinofsky shows off Windows 8 on ARM and Office15
Microsoft aims for separate but equal
By Iain Thomson in San Francisco
Posted in Operating Systems, 10th February 2012 01:46 GMT
Windows boss Stephen Sinofsky has ended months of speculation with the first (fairly) detailed drilldown into the Windows 8 on ARM (WOA) platform, and says it should be ready for a simultaneous launch with its x86/64 counterpart.
Devices running WOA will come with both the Metro touch-based interface and the more traditional desktop, and will run Word, Excel, PowerPoint and OneNote with full document compatibility with x86/64 systems. The photo sharing, calendar, mail, storage and contact applications will also be the same on ARM and x86/64. But that's it for compatibility: all other apps on WOA have to be Metro-style WinRT and come via the Windows Store.
Office 15 Excel will be compatible with your desktop
Virtualized code on the platform is out too. The process of running emulators for x86/64 applications was far too battery- and processor-heavy, and too unstable, Sinofsky said, so applications would have to be built in an entirely new style. That said, Microsoft said it is making life as easy as possible for developers to compile WinRT applications in Visual Studio.
“If we enabled the broad porting of existing code we would fail to deliver on our commitment to longer battery life, predictable performance, and especially a reliable experience over time,” he said. “The conventions used by today’s Windows apps do not necessarily provide this, whether it is background processes, polling loops, timers, system hooks, startup programs, registry changes, kernel mode code, admin rights, unsigned drivers, add-ins, or a host of other common techniques.”
Metro-only on most WOA apps
WOA will come with Internet Explorer 10, support for HTML5 , hardware accelerated graphics and also makes greater use of integrated hardware subsystems for more power efficiency. Sinofsky claimed this would make multitasking, such as playing a movie and reading a document, much more power efficient.
Power is the key to the whole deal. WOA devices aren't designed to be switched on and off, but left in standby, for weeks it is claimed. Sinofsky stressed how closely Redmond was working with Nvidia, Qualcomm and Texas Instruments to develop these devices (almost exclusively fondleslabs, one would imagine) that can match what's on the market today, with the iPad the obvious target.
The first devices should be in the hands of a few, pre-picked developers next month and Office 15 is already out to a similar group of Microsoft testers. The Windows 8 Consumer Preview is also due out next month, and Sinofsky pointed out the name change from “beta” was because, to some companies (no names mentioned,) the meaning of the term beta as "testing release available for free to try out," seemed to have changed.
Microsoft is stressing that the two different styles will be distinctly branded to avoid consumer confusion and will have standardized connections via USB 3.0 and Bluetooth. The clunky units in the blog video will be replaced with fondleslabs designed around "industrial design, long battery life, and integrated quality," Sinofsky promised.
http://www.theregister.co.uk/2012/02/10/windows8_arm_office15/
Windows 8 on ARM: building a common Windows platform
By Peter Bright | Published about 18 hours ago
Microsoft has started to talk in detail about Windows on ARM: what it will do, what it won't do, and how it has been put together in its latest post on its Building Windows 8 blog. The focus of the lengthy post is the work Microsoft has done to bring Windows to ARM: building a common ARM platform that works the same way, whether using a processor from NVIDIA, Texas Instruments, or Qualcomm. This was a substantial undertaking: unlike desktop PCs, ARM systems are all wildly different.
Windows on ARM, or "WOA" as Microsoft is calling it, is substantially identical to Windows on x86/x64. The difference between ARM systems and x86 systems is more than just the instruction set of the processor. x86/x64 systems are almost all built in the same way. The system uses BIOS or UEFI to initialize hardware and hand over control to the operating system, they use ACPI for enumerating hardware and power management, major system devices like the video card and storage controllers are connected to PCI or PCIe with other peripherals attached to USB, and storage is either SATA or SCSI.
This idea of a common system platform dates back to the original IBM PC: being PC-compatible meant fitting into IBM's idea of how the system's components should be interconnected. The connections and technology have changed (with the BIOS being the lone hold-out against progress, though even that is finally making way for UEFI), but the basic concept of a standard platform has not.
ARM has no standard platform. ARM systems-on-chip might attach devices with USB or PCIe, but they might not; those devices might be hardwired to particular memory addresses, or they might use low-power and/or low-speed buses rarely found on regular PCs, such as I2C or SD I/O. They might use SATA for their mass storage, but they often use eMMC. (Incidentally, some of Intel's x86 SoCs also discard x86 platform conventions; as a result, they can't currently run Windows.)
Until now, users of ARM platforms have mostly tolerated this lack of conformity. There are some exceptions—Google required a specific configuration and design for its initial Android tablets—but overall the ecosystem is diverse and varied. This complexity led Intel to criticize Microsoft's ARM plans in May last year, claiming that Microsoft would have to produce not one ARM version but four.
Intel was wrong, because Microsoft is building an ARM platform. All ARM systems will use UEFI and ACPI. Booting and hardware detection will all work in the same way, regardless of whether a WOA system uses a Texas Instruments, Qualcomm, or NVIDIA chip. All systems must have USB and Bluetooth 4 (or better). Mass storage must use SATA, eMMC, or USB. All WOA systems will include a Trusted Platform Module. The result is that the WOA systems will be similar (though not identical) in all the important aspects, and the operating system won't have to support a vast array of different system designs. Microsoft will ship one version of Windows that runs on ARM.
The differences between the ARM and x86/x64 operating systems will be substantially reserved to the very lowest level of Windows; its Hardware Abstraction Layer and a few kernel-mode drivers. Everything at a higher level will be common to both. This has resulted in some cross-pollination. Windows 8's mobile broadband support was primarily motivated by the demands of WOA—but the feature is available on all processor architectures.
In spite of the platformization of ARM, WOA will not ship as a standalone product, and we won't be able to build our own ARM systems from components. It will be offered solely as an OEM pre-install. This also means that the chances of seeing WOA on any currently shipping ARM tablets are slim to non-existent; the software won't be readily available, and existing tablets don't conform to Microsoft's system spec.
The lack of extant hardware has complicated Microsoft's testing efforts; the company has had to build custom racks of ARM SoCs for its labs. By March, it plans to have more than 4,200 such systems. It's a problem for developers, too: the upcoming Consumer Preview will only be available for x86 and x64. Microsoft intends to seed a small number of pre-release ARM devices to developers ahead of the operating system's release.
http://arstechnica.com/microsoft/news/2012/02/windows-8-on-arm-building-a-common-windows-platform.ars
U.S. Patents Awarded to Inventors in Oregon (Feb. 1)
(Targeted News Service via Acquire Media NewsEdge) ALEXANDRIA, Va., Feb. 1 -- The following federal patents were awarded to inventors in Oregon.
Intel Assigned Patent for Associating a Multi-context Trusted Platform Module with Distributed Platforms. ALEXANDRIA, Va., Feb. 1 -- Intel, Santa Clara, Calif., has been assigned a patent (8,108,668) developed by Carlos V. Rozas, Portland, Ore., for "associating a multi-context trusted platform module with distributed platforms." The abstract of the patent published by the U.S. Patent and Trademark Office states: "In one embodiment, the present invention includes a method for creating an instance of a virtual trusted platform module (TPM) in a central platform and associating the instance with a managed platform coupled to the central platform. Multiple such vTPM's may be instantiated, each associated with a different managed platform coupled to the central platform. The instances may all be maintained on the central platform, improving security. Other embodiments are described and claimed." The patent application was filed on June 26, 2006 (11/474,778). The full text of the patent can be found at http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&co1=AND&d=PTXT&s1=8,108,668&OS=8,108,668&RS=8,108,668
Written by Arpi Sharma; edited by Anand Kumar.
Lockheed, Northrop battle for $690M Navy contract
By FCW Staff
Jan 27, 2012
The Navy is about to pick between Lockheed Martin and Northrop Grumman as the winner of a $690 million contract to start installing computer networks on hundreds of ships and submarines, according to a report by NextGov.
The Space and Naval Warfare Systems Command expects to award the contract by Feb. 1 for the Consolidated Afloat Networks Enterprise Services (CANES) contract.
The initial contract covers 54 ships over a two-year period but eventually the program will equip 286 ships and 60-plus submarines with on-board computer networks.
Lockheed Martin Corp., of Bethesda, Md., ranks No. 1 on Washington Technology’s 2011 Top 100 list of the largest federal government contractors. Northrop Grumman, of Falls Church, Va., ranks No. 2.
http://washingtontechnology.com/articles/2012/01/27/navy-prepares-to-award-contracts-for-shipboard-computer-networks.aspx
Windows 8 secure boot: Is it really Microsoft vs. Linux?
By 1105 Media Staff
Jan 23, 2012
Microsoft's Windows 8 "secure boot" feature is the controversy that just won't die, at least among Linux users.
Initial fears by the Linux community -- that Microsoft's requirements for secure boot on future Windows 8-based machines would thwart Linux use -- appear to be half-correct. The catch seems to be that Linux will have trouble dual booting on Windows 8 ARM-based hardware only. Unfortunately, Microsoft has added nothing new to clarify this confusing matter.
Secure boot is part of the Unified Extensible Firmware Interface (UEFI) specification. It is an optional feature of the UEFI spec intended to close a security hole in traditional BIOS boot-up. With secure boot enabled, the firmware checks that each boot-stage binary (the boot loader, then the operating system's early components) carries a digital signature chaining to a certificate in the firmware's trusted signature database, so malware that inserts itself into the boot path is rejected before the operating system starts. This is seen as an advance because antimalware software only runs after the operating system has loaded and therefore cannot catch code that hijacks the boot sequence ahead of it. The legacy BIOS is old, static technology, which makes it an open book for hackers wanting to attach malware to systems undetected.
The Linux community has complained that Microsoft will make it difficult, or impossible, to dual-boot Linux on Windows machines by requiring secure boot. By requiring hardware makers to enable secure boot on Windows 8 machines, future use of Linux will be thwarted, they have argued. The Linux Foundation, along with Red Hat and Canonical, has described some alternative plans to Microsoft's secure boot requirement to address this potential problem.
Microsoft denied in a September blog post that using secure boot on Windows 8 PCs would prohibit dual boot to Linux. However, the company did indicate that users would have to turn off secure boot first before booting to Linux. They also claimed that OEMs had complete control over the decision to enable secure boot when producing new PCs.
This argument seemed somewhat settled until Computerworld author Glyn Moody noticed something a little different from Microsoft's line of argument on page 116 of Microsoft's "Windows Hardware Certification Requirements" for client and server systems, which bears a publish date of December 2011. On that page, it appears that Microsoft is telling OEMs producing ARM-based machines that secure boot is mandatory, whereas it can be disabled on non-ARM (x86) machines.
"On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enable [sic]," the document reads.
"21. MANDATORY: Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure MUST NOT be possible on ARM systems."
The reference to Custom Mode in Microsoft's document represents another option closed off to Linux users on ARM-based machines. With Custom Mode enabled, users can write their own signatures for custom loaders, but Microsoft is precluding that option for ARM systems. This point is explained in an excellent overview of UEFI by Woody Leonhard in this Windows Secrets story.
Microsoft Jan. 18 offered no comment on its Windows 8 certification requirements for ARM hardware and whether it indicates that secure boot is required on those systems. A spokesperson for Microsoft just pointed to the September blog post. However, based on Microsoft's requirements document, that blog post appears to mislead with regard to ARM hardware.
It could be argued that by using the word, "PCs," in the blog post Microsoft meant x86 machines only. However, that might amount to semantic quibbling given recent trends. Future ARM machines are expected to have multiple form factors. An ARM-based desktop model is part of the strategy for ARM Holdings, according to its CEO.
Device makers at the Consumer Electronics Show the week of Jan. 16 mostly displayed tablet devices running Windows 8, according to a Computerworld article. However, Microsoft has argued in previous direction statements about enabling "create" kinds of experiences on tablets with its next-generation operating system. The idea is to make tablets akin to PCs in computing power.
Microsoft's "Windows Hardware Certification Requirements" for client and server systems is offered as a guide to hardware builders, but they are likely to construe the word "must" in it as similar to contractual language. Barring any clarification from Microsoft, it looks like future users of Windows 8 on ARM-based computers won't have an option to boot to Linux on their tablet or ultrabook computers.
Microsoft also published a December 2011-dated document called "Windows Hardware Certification Requirements" for devices. However, this 943-page document apparently does not discuss any secure boot requirements.
The Software Freedom Law Center offers interesting speculation about why the secure boot requirement is different between the two platforms (x86 and ARM). The group, which advocates for the use of software without any proprietary restrictions, suggested in a blog post that Microsoft would have angered Windows XP or Windows 7 users if it had blocked the use of those OSes on future x86 hardware, whereas there's no previous hardware support legacy to worry about with forthcoming Windows 8 on ARM systems.
http://gcn.com/Articles/2012/01/19/ECG-Windows-8-Secure-Boot-Controversy.aspx?Page=1
NSA releases security-enhanced version of Android
January 17, 2012
The National Security Agency's version of Android provides better access-control policies
By Lucian Constantin | IDG News Service
The National Security Agency (NSA) has released SE Android, a security-enhanced version of Android, which provides and enforces stricter access-control policies than those found in the popular mobile operating system by default.
SE Android is based on NSA's previous research into mandatory access controls (MACs) that gave birth to the Security-Enhanced Linux project back in 2000. SE Linux is a collection of Linux kernel security modules and other tools that provide a flexible mechanism for restricting what resources users or applications can access.
Over the years, most of the low-level SE Linux modifications were merged into the official Linux kernel and they were also ported to Solaris and FreeBSD.
The NSA revealed its plan to port SE Linux to Android as part of a new project called SE Android at the Linux Security Summit last year. The first version was released on Jan. 6.
One of the main things that SE Android is trying to improve is Android's application security model, which is based on the default Linux discretionary access control. Under DAC, an application run by a particular user has access to all of the files and resources accessible to that user.
However, under the MAC model implemented by SE Linux and now SE Android, the resources available to an application can be restricted to whatever is defined in a policy, regardless of the user's permissions on the system. Because of this, SE Android can be used to confine privileged services and limit the damage that attackers can do if they exploit vulnerabilities.
Many Android root exploits, like GingerBreak, Exploid or RageAgainstTheCage, target vulnerabilities in Android services. For example, the GingerBreak exploit leverages a vulnerability in vold, the Android volume daemon, which runs as root. SE Android can block the GingerBreak exploit at six different steps during its execution, depending on how strict the enforced policies are.
Unfortunately, installing SE Android on devices is not as straightforward as installing other custom Android ROMs, because the SE Android project doesn't provide any pre-compiled builds.
Users interested in deploying SE Android need to download and build the official Android Open Source Project source code and then sync their AOSP clone with the SE Android git trees in order to apply all patches and modifications. The SE Android project website contains instructions on how to do this.
SE Android is aimed at companies and organizations that need to implement strict access-control policies similar to those mandated by the U.S. Department of Defense.
http://www.infoworld.com/d/security/nsa-releases-security-enhanced-version-android-184285
SafeNet Aids Fight Against eBanking Fraud with New Optical Signing Device
BALTIMORE - January 17, 2012.
SafeNet, Inc., a global leader in data protection, announced today the availability of a new identity and transaction protection solution that addresses multiple levels of risk associated with online banking and trading transactions. SafeNet’s new eToken 3500 is an innovative electronic signing and strong authentication token-based device that will enable financial services organizations to successfully achieve the right balance of risk mitigation, cost-effectiveness, and usability when securing eBanking applications.
The SafeNet eToken 3500 uses an optical sensor to read financial transaction data from a Web browser, generating a unique electronic signature that validates each transaction, reducing threats such as Man-in-the-Browser (MitB) and Man-in-the-Middle (MitM), in which hackers hijack legitimate user identities during a transaction and redirect funds. Additionally, the optical features of the device scan the transaction data automatically, eliminating the need for manual inputs, which simplifies the electronic signing process for the user while reducing errors.
“Malware-based attacks against bank customers and employees are levying severe reputational and financial damage on their victims,” says Avivah Litan, vice president and distinguished analyst, Gartner Research. “Fighting these and future types of attacks requires a layered fraud prevention approach.” Further, Gartner recommends that organizations “deploy both secure browsing and out-of-band or dedicated hardware transaction verification for high-risk transactions as complementary measures to existing authentication methods.”[1]
Financial institutions have to manage heavy volumes of high-risk transactions on a daily basis. The rising tide of cyber threats, as well as increased regulatory pressures, has necessitated a new approach to online transaction protection. Additional validation, to ensure that each transaction is authorized by a legitimate customer, can contribute significantly to reducing online banking fraud. By combining secure electronic transaction signing with one-time password (OTP) strong authentication, the SafeNet eToken 3500 eliminates the risk of transaction tampering, as well as forgotten, stolen, or hacked passwords, and mitigates the risk of identity theft. It also helps organizations comply with privacy and data protection regulations.
The eToken 3500 allows customers to:
-- Generate an electronic signature for transactions, ensuring their integrity
-- Reduce the chances of financial fraud resulting from MitM and MitB threats
-- Automatically scan encrypted transaction details, preventing typing errors
-- Maintain secure remote access to networks, applications, and Web-based services
“Forward-thinking financial services institutions need to approach authentication in a way that goes beyond simply verifying the identity of the user, which can be faked. To combat fraud and manage risk, customers need transaction protection and signing solutions that ensure the transaction itself is validated,” said Andrew Young, vice president of Authentication, SafeNet. “SafeNet’s portfolio of identity and transaction solutions, including the eToken 3500, is purpose-built to address the unique risk requirements of financial services, delivering the appropriate levels of protection during the transaction lifecycle without impeding the customer experience.”
[1] Gartner, Inc., The Five Layers of Fraud Prevention and Using Them to Beat Malware, Avivah Litan, April 21, 2011.
http://www.smartcardstrends.com/det_atc.php?idu=15842
Safenet, Inc. : 18/01/2012
Visit : http://www.safenet-inc.com/authentication
Dell unveils new ultraportable laptop
CBR Staff Writer
Published 12 January 2012
Features an additional 100GB of cloud storage through Dell DataSafe for content backup
Dell has rolled out its new ultraportable XPS 13 laptop, the compact 13.3-inch Ultrabook featuring an edge-to-edge glass, near "frameless" display, all-day battery life and the latest innovative technology for a better overall user experience.
Dell XPS 13 delivers second-generation Intel Core i5 or i7 processors, Intel HD 3000 graphics and a high definition WLED 300-nit display.
XPS 13 has 128GB and 256GB solid state hard drive options, besides an additional 100GB of cloud storage through Dell DataSafe for content backup.
Additionally, it features an edge-to-edge 13.3-inch high definition display with hardened Gorilla Glass; a full-size backlit keyboard with a large glass touchpad with integrated buttons and multi-gestural support; and up to eight hours, fifty-three minutes of battery life.
In addition, XPS 13 features Intel Smart Connect technology, which gets alerted periodically to detect known networks and update calendar and email, integrates location awareness via Skyhook and Google Places shortly after launch and with the solid state drives and Intel Rapid Start technology, the XPS 13 boots in seconds.
Furthermore, the enterprise-friendly features of the XPS 13 include a standard Trusted Platform Module for BitLocker Data Encryption and optional ProSupport after-sales service and configuration services such as custom imaging and asset tagging.
XPS 13 also provides a warranty of one year of accidental damage service and one year of theft protection with Computrace LoJack for Laptops Theft Recovery Service as standard along with limited hardware warranty.
Dell president and chief commercial officer Steve Felice said that when Dell began the conversation about what an Ultrabook could be, Dell carefully considered how to provide customers not only incredible mobility, but also the kind of performance experience users would expect from something much larger.
"A 'good-enough' Ultrabook wasn't good enough for us. We were committed to developing what an Ultrabook can and should be with the XPS 13 and providing a superior user experience," said Felice.
http://desktops.cbronline.com/news/dell-unveils-new-ultraportable-laptop-120112
Wave Systems has the Highest Gross Margin in the Systems Software Industry (WAVX, CHKP, CVLT) - January 03, 2012
4 hours 6 minutes ago - Financial News Network Online - News Corner via Comtex
Below are the three companies in the Systems Software industry with the highest gross margins. Gross margin represents the amount of revenue retained after deducting direct costs associated with producing the goods or services which led to that revenue. The higher the gross margin as a percentage of revenue, the better.
Wave Systems (NASDAQ:WAVX) is highest with a gross margin of 94.9%. Wave Systems Corp. creates technologies and services to secure and sell digital information. The Company's EMBASSY technology is a hardware and software-based device that enables secure transaction processing and distributed information metering in users' personal computers. In the past 52 weeks, shares of Wave Systems have traded between a low of $1.88 and a high of $5.31 and are now at $2.24, which is 19% above that low price. Over the past week, the 200-day moving average (MA) has gone down 0.8% while the 50-day MA has declined 1.9%.
Following is Check Point Software Technologies (NASDAQ:CHKP) with a gross margin of 88.7%. Finishing up the top three is CommVault Systems (NASDAQ:CVLT), with a gross margin of 86.6%.
http://research.scottrade.com/qnr/Public/Stocks/Article?dockey=100-003z1170-1
NIST plans $70M multi-award contract
By Alysha Sideman
Dec 23, 2011
Sources are being sought for a planned National Institute of Standards and Technology contract with an anticipated worth of $70 million over a one-year base period and four option periods of one year.
NIST is looking for multiple contractors to provide technical expertise and consultation in the areas of cybersecurity and information security, according to the notice posted Dec. 23.
The contract's purpose also is to ensure the Acquisition Management Division's mission can be met to "provide standards, technology, tools, and practices to protect our nation's information and information systems," the draft performance work statement said.
Other services sought include providing technical expertise and assistance in creating computer and cybersecurity standards, guidelines, Derived Test Requirements, NIST inter-agency reports, data models, databases, software development and schemas.
Prior to this notice, the incumbent Booz Allen Hamilton performed the work as the prime contractor of the Information Assurance Technology Assurance Center.
Any large or small business, capable of performing the requirements, is encouraged to respond to the post, the notice said.
The response date is Jan. 5, 2012.
http://washingtontechnology.com/articles/2011/12/23/nist-sources-sought-for-technical-expertise.aspx
OT - 'You will never need a password again' - One Innovation that'll Change Our Lives within 5 Years
ARMONK, N.Y., Dec. 19, 2011.
Today IBM (NYSE: IBM) formally unveiled the sixth annual "IBM 5 in 5" – a list of innovations that have the potential to change the way people work, live and interact during the next five years:
The next IBM 5 in 5 is based on market and societal trends as well as emerging technologies from IBM's research labs around the world that can make these transformations possible.
At IBM, we're bridging the gap between science fiction and science fact on a daily basis. Here are how five technologies will define the future:
People power will come to life.
Anything that moves or produces heat has the potential to create energy that can be captured. Walking. Jogging. Bicycling. The heat from your computer. Even the water flowing through your pipes.
Advances in renewable energy technology will allow individuals to collect this kinetic energy, which now goes to waste, and use it to help power our homes, offices and cities.
Imagine attaching small devices to the spokes on your bicycle wheels that recharge batteries as you pedal along. You will have the satisfaction of not only getting to where you want to go, but at the same time powering some of the lights in your home.
Created energy comes in all shapes and forms and from anything around us. IBM scientists in Ireland are looking at ways to understand and minimize the environmental impact of converting ocean wave energy into electricity.
You will never need a password again .
Your biological makeup is the key to your individual identity, and soon, it will become the key to safeguarding it.
You will no longer need to create, track or remember multiple passwords for various log-ins. Imagine you will be able to walk up to an ATM machine to securely withdraw money by simply speaking your name or looking into a tiny sensor that can recognize the unique patterns in the retina of your eye. Or by doing the same, you can check your account balance on your mobile phone or tablet.
Each person has a unique biological identity and behind all that is data. Biometric data – facial definitions, retina scans and voice files – will be composited through software to build your DNA unique online password.
Referred to as multi-factor biometrics, smarter systems will be able to use this information in real-time to make sure whenever someone is attempting to access your information, it matches your unique biometric profile and the attempt is authorized. To be trusted, such systems should enable you to opt in or out of whatever information you choose to provide.
Mind reading is no longer science fiction.
From Houdini to Skywalker to X-Men, mind reading has merely been "wishful thinking" for science fiction fans for decades, but their wish may soon come true.
IBM scientists are among those researching how to link your brain to your devices, such as a computer or a smartphone. If you just need to think about calling someone, it happens. Or you can control the cursor on a computer screen just by thinking about where you want to move it.
Scientists in the field of bioinformatics have designed headsets with advanced sensors to read electrical brain activity that can recognize facial expressions, excitement and concentration levels, and thoughts of a person without them physically taking any actions.
Within 5 years, we will begin to see early applications of this technology in the gaming and entertainment industry. Furthermore, doctors could use the technology to test brain patterns, possibly even assist in rehabilitation from strokes and to help in understanding brain disorders, such as autism.
The digital divide will cease to exist.
In our global society, growth and wealth of economies are increasingly decided by the level of access to information. And in five years, the gap between information haves and have-nots will narrow considerably due to advances in mobile technology.
There are 7 billion people inhabiting the world today. In five years there will be 5.6 billion mobile devices sold – which means 80% of the current global population would each have a mobile device.
As it becomes cheaper to own a mobile phone, people without a lot of spending power will be able to do much more than they can today.
For example, in India, using speech technology and mobile devices, IBM enabled rural villagers who were illiterate to pass along information through recorded messages on their phones. With access to information that was not there before, villagers could check weather reports to help them decide when to fertilize crops, know when doctors were coming into town, and find the best prices for their crops or merchandise.
Growing communities will be able to use mobile technology to provide access to essential information and better serve people with new solutions and business models such as mobile commerce and remote healthcare.
Junk mail will become priority mail.
Think about how often we're flooded with advertisements we consider to be irrelevant or unwanted. It may not be that way for long.
In five years, unsolicited advertisements may feel so personalized and relevant it may seem spam is dead. At the same time, spam filters will be so precise you'll never be bothered by unwanted sales pitches again.
Imagine if tickets to your favorite band are put on hold for you the moment they became available, and for the one night of the week that is free on your calendar. Through alerts direct to you, you'll be able to purchase tickets instantly from your mobile device. Or imagine being notified that a snow storm is about to affect your travel plans and you might want to re-route your flight?
IBM is developing technology that uses real-time analytics to make sense and integrate data from across all the facets of your life such as your social networks and online preferences to present and recommend information that is only useful to you.
From news, to sports, to politics, you'll trust the technology will know what you want, so you can decide what to do with it.
IBM : 20/12/2011
http://www.smartcardstrends.com/det_atc.php?idu=15735&main=40a73c079a03a3b5ef8515caf68f73c9
Samsung Announces Industry First ARM Cortex-A15 Processor Samples for Tablet Computers
SEOUL, Korea - November 30, 2011.
Samsung Electronics Co., Ltd., a world leader in advanced semiconductor solutions, announced today the industry's first dual-core processor samples based on the ARM Cortex-A15 core. Designed specifically for high-end tablets, Samsung's newest 2GHz dual-core Exynos 5250 utilizes 32nm high-k metal gate low-power process technology and will offer system-level designers an exciting new solution intended to meet the graphic-intensive, power-efficient requirements of these next-generation mobile products.
"The ARM Cortex-A15 brings unparalleled performance to our Exynos processor family and the exploding mobile marketplace," said Dojun Rhee, vice president of System LSI marketing, Device Solutions, Samsung Electronics. "Designers need an application processor platform that delivers full high definition multimedia capabilities, fast processing speed and high performance graphics to meet end users' expectation for a connected life on the go. The advanced low-power, high-performance processor technology of the new Exynos 5250 continues to deliver an unprecedented level of performance for users to enjoy a completely new mobile experience."
Samsung's new dual-core ARM Cortex-A15 based application processor, the Exynos 5250, is capable of processing 14 billion instructions per second (DMIPS, Dhrystone million instructions per second) at 2.0GHz, nearly doubling the performance over a current state of the art Cortex-A9-based dual core processor running at 1.5GHz capable of 7,500 DMIPS.
In particular, the Exynos 5250 design was architected to drive up to an industry leading 2560 x 1600 (WQXGA) display which reflects the significance of advanced display technology transitioning toward ever higher and sharper resolutions. These leading-edge features enable users to enjoy crisper video images on their mobile devices and deliver readability equivalent to real paper for an ultimate electronic reading experience.
To maximize power efficiencies at the system level, the Exynos 5250 has an embedded DisplayPort (eDP) interface that is compliant with panel self-refresh technology (PSR) applied to the timing controller (T-CON). The embedded PSR technology enables static images to be refreshed directly from the frame buffer memory incorporated in the T-CON, resolving the need for regular display refresh instructions to be made by the application processor in cases such as reading static web pages or e-books.
The 3D graphics processing capabilities, enhanced by more than four-fold over the 1.5GHz Cortex-A9 dual-core processor, and a stereoscopic 3D feature raise the bar of user experience on high-specification 3D gaming, user-interfacing and stereoscopic 3D video playback.
Moreover, the Exynos 5250 features a doubled memory bandwidth of 12.8 Gigabytes per second (GB/s) compared to current dual-core processors that support a maximum of 6.4GB/s to enable fast data processing features, superb 3D graphics and high-resolution display. This memory bandwidth is a key requirement for a processor to support WQXGA resolution displays.
Samsung's Exynos 5250 offers a host of peripheral functions including an embedded image signal processor enabling 8 Megapixel resolution images at 30 frames per second, a full HD 60 frame per second video hardware codec engine for high resolution 1080p video recording and playback, an HDMI 1.4 interface for sharp and crisp multimedia content transmission, along with a diverse scope of embedded booting device interfaces such as SATA, UART, USB and external ports such as USB3.0, eMMC4.5 and eSD3.0.
The Exynos 5250 is currently sampling to customers and is scheduled for mass-production in the second quarter of 2012.
Samsung Electronics Co., Ltd. : 30/11/2011
http://www.smartcardstrends.com/det_atc.php?idu=15609&main=b6b2fad0e2fe561498a09b8f06ff1fa7
STMicroelectronics Unveils Secure Processor for Advanced Computer Security
Geneva, November 17, 2011.
STMicroelectronics (NYSE: STM), a global semiconductor leader serving customers across the spectrum of electronics applications, and the provider of Trusted Platform Modules (TPMs) to all major PC OEMs, has revealed the industry’s highest performing TPM enabling significantly stronger security and trust for activities like e-commerce and cloud-computing services.
As part of the Trusted Computing ecosystem, the TPM is a highly secure processor mounted on the computer motherboard to protect against threats such as software attacks or theft and tampering. It guards sensitive data such as keys, passwords and digital certificates, and provides trustworthy reports of system integrity. According to the Trusted Computing Group (TCG), the industry alliance promoting Trusted Computing technology, almost all enterprise PCs, servers and various embedded systems now have a TPM inside.
ST’s ST33TPM12LPC increases the strength of this hardware-based security as the first TPM to feature a 32-bit secure processor, surpassing existing standalone implementations. This allows the device to handle advanced cryptography algorithms and be ready to support the next-generation TPM 2.0 standard. The ST33TPM12LPC will not only achieve functional certification but also Common Criteria security certification based on the latest TPM 1.2 Protection Profile at EAL4+ level, thus fully complying with the TPM Certification Program defined by the TCG.
In addition, ST will be proposing derived versions with other communication interfaces such as I2C and SPI to enable a range of devices besides desktops, notebooks, servers and network equipment to perform as trusted hardware. These include printers, copiers, mobile phones, tablets, home gateways, appliances, smart meters, industrial controls and automotive electronics.
The release of the ST33TPM12LPC is another demonstration of ST’s leading position in advanced process technology and security expertise. “ST is clearly committed to bringing today’s most powerful and compliant Trusted Platform Module not only to the PC industry but also to a virtually unlimited number of connected platforms,” said Marie-France Florentin, General Manager, Secure Microcontrollers Division at STMicroelectronics. “With ST having successfully supported TCG technology for years, this new product highlights our ability to take the lead and capitalize on our know-how and assets”.
The NIST (National Institute of Standards and Technology) promotes best practice in using the SHA-256 (Secure Hashing Algorithm version 2, 256 Bit) algorithm. However, to date, the adoption in commercial markets has been much slower than originally anticipated. “The decision to use this algorithm within the TPM Root Certificate supports the longer term needs of tomorrow’s trustworthy computing environments and offers real value to users today in being able to meet the NIST requirements and accelerate the replacement of ageing SHA1 implementations,” said Steve Roylance, Business Development Director for GlobalSign Ltd, the certificate authority chosen by ST to certify the Endorsement Key within the TPM. “GlobalSign's TPM Root certificate authority is one of a family of 2048bit RSA SHA-256 Certificates. Other roots have already been adopted by web browsers and operating system providers in a bid to push forward the NIST recommendations.”
Major features of ST33TPM12LPC:
-- ARM® SC300 32-bit secure processor capable of supporting:
   -- SHA1 and SHA2 hash algorithms
   -- AES
-- Ready for next generation TPM 2.0
-- Embedded EK certificate root certified by independent Certification Authority (GlobalSign)
-- Embedded 90nm non-volatile memory
-- Low Pin-Count (LPC) interface
Samples of the ST33TPM12LPC are available in the TCG-recommended TSSOP28 4.4mm surface-mount package or a leadless QFN32 5 x 5mm lead-free Ecopack option. The ST33TPM12LPC will be in volume production in Q1 2012.
http://www.smartcardstrends.com/det_atc.php?idu=15529
Diebold Earns Online Trust Leadership Award for Dedication to Information Security
NORTH CANTON, Ohio, Oct. 20, 2011.
Recognized for its rigorous testing and validation of critical security technologies, solutions and services, Diebold, Incorporated (NYSE: DBD) has been awarded the 2011 Online Trust Leadership Award for Excellence in Security Practices. The Online Trust Alliance (OTA) presents the annual leadership awards to parties demonstrating committed stewardship for data protection and information security. OTA announced award winners at the organization's sixth annual Online Trust Forum, held Oct. 17-19, in Washington, D.C.
The OTA Online Trust Leadership Awards recognize exceptional achievements by companies, nongovernmental organizations and individuals dedicated to preserving and improving trust in and the vitality of Web-based services. A consortium of leading information security advocates, OTA strives to develop and promote best practices, training and public policy to increase consumer protection, transparency and control of their data, online activities and transactions.
Diebold excels in delivering secure Web-based solutions and services that are designed to protect critical data and infrastructure. To achieve the highest levels of security, the company adheres to a strict quality assurance program that ensures no application or service is released until it is fully tested and validated. For every new solution, Diebold employees assess potential vulnerabilities; perform penetration testing to locate any potential weaknesses in network and security systems; prioritize real-world threats that could impact critical information assets; and develop solutions and mitigation strategies to ensure the security of those assets. Going above and beyond required security protocols, Diebold also ensures all of its solutions and services meet or exceed compliance regulations. Built-in compliance is not typically mandated by regulatory agencies.
"Diebold's selection for the Online Trust Leadership Award for Excellence in Security Practices speaks to the company's commitment to enhancing trust and confidence and ensuring secure Web-based interactions," said Craig Spiezle, executive director and president of OTA. "Diebold consistently embraces, advances and helps define best practices in information security and is a clear leader in proactively addressing privacy and security threats in our increasingly digital world."
In addition to rigorous solution testing, Diebold promotes a culture of security within the organization. The company conducts a global Security Education Week annually, during which employees learn about the latest best practices for mitigating information security threats. In addition, year-round activities focus on training and awareness initiatives that educate employees about security issues ranging from phishing to social engineering.
"Security isn't just a business focus for Diebold. It is integrated into our organization. Whether we are developing internal systems, educating our employees or supporting our customers, Diebold is committed to presenting reliable solutions that serve to preserve and improve information security," said David Kennedy, vice president and chief security officer, Diebold. "Recognition from the Online Trust Alliance for our efforts in promoting best security practices reaffirms our commitment to delivering highly secure solutions and services."
http://www.smartcardstrends.com/det_atc.php?idu=15343&main=6b5a532c1e1aec3ec128ea7068c2086b
'Trusted' Security Effort Could Protect Factory, Embedded Networks
Posted by Jack Mans -- Packaging Digest, 10/19/2011 3:47:43 PM
The Stuxnet virus, as well as attacks over the past several years on SCADA systems, have made security in the factory and automation sectors a front-burner issue. It's projected that there will ultimately be 50 billion embedded nodes worldwide. Of course, many of those end points will be consumer and automotive users. However, for automation pros, this effort is significant, especially since it will leverage some previous security work developed for the enterprise.
Stacy Cannady, a consultant with Digital Management Inc., worked with TCG for several years when he analyzed secure IT platforms for IBM and Lenovo. He is helping the group organize its embedded program, and he acknowledges the effort is a massive one. Stuxnet notwithstanding, he said, more vertical embedded markets remain blissfully unaware of what a widespread hack of a system might mean.
"There will be a lot of pushback if you tell people they have to flush their entire inventory of low-end microcontrollers," Cannady said. "If you tell the manufacturer of an MRI machine they ought to install a $3 component, it's no big deal. Tell that to someone with a very simple sensor node, and it's a nonstarter."
The model TCG is using is that most solutions should have no impact on an end node's hardware bill of materials. It must also be nearly invisible to the network and the system integrator running the network. A solution that uses software calls from a centralized PC or server to a node, with protected storage and processing, would be ideal. The problem comes when an industry decides a solution might be too top-heavy. That could very well be true in some situations, but the outlier cases of what hackers do might surprise some vertical embedded network managers.
Cannady mentioned how a protection mechanism deemed necessary for some sort of wireless online payment network might be deemed overkill for a manufacturer of train cars and train control systems. Yet TCG members met a Polish teenager who figured out how to take control of multiple train cars in a train yard using a cellphone. It is dangerous to assume a certain vertical industry does not need a particular layer of device security, he said.
The model TCG will use for its earliest, most critical work is to use the Trusted Platform Module 1.2 specification as a guide for having some trusted master controller in a certain layer of the network. The embedded working group then will have to decide where the authentication hardware might be necessary, and where an end node can get by with a software shim alone. The working group will try to make security services as transparent as possible, with as little hardware impact on distributed embedded nodes as possible.
The working group also is looking at applying the publish/subscribe model of the TCG IF-MAP, or Interface for Metadata Access Points, to create a "Facebook for things." A node would automatically publish its status on a regular basis, and the status messages could be subscribed to by both automated monitoring systems and human network managers, who would create monitored subdomains unique to their needs.
Cannady said he expects the National Security Agency, as well as several other federal agencies like the Defense Department and Department of Homeland Security, to be involved in compiling recommendations on embedded secure systems, similar to the orange book/blue book series of IT standards the NSA published in the 1990s. The federal government has offered a model of this in its work on HAIPE, a telecom equipment model for evolving secure telephony to IPv6.
Multiple federal agencies have gotten "very twitchy" about the hacking problems with SCADA systems, Cannady said, and that has made the process control industry sit up and take notice. Now the commercial vertical embedded industries need to recognize the importance of security and trusted domains, but they will demand security that has a very low cost and requires little if any human intervention in network management. The TCG embedded systems working group has its work cut out for it for the near future.
http://www.packagingdigest.com/article/519652-Trusted_Security_Effort_Could_Protect_Factory_Embedded_Networks.php
INTERESTING
press release
Sept. 29, 2011, 6:50 a.m. EDT
WinMagic Recognized as a Visionary in Mobile Data Protection Magic Quadrant
TORONTO, Sep 29, 2011 (BUSINESS WIRE) -- WinMagic(R) ( www.winmagic.com ), the prominent innovator in disk encryption, today announced that leading research firm, Gartner Inc., has positioned WinMagic as a "Visionary" in its Mobile Data Protection (MDP) Magic Quadrant* for 2011. Gartner's report states that, "MDP products secure data on movable storage systems in notebooks, smartphones, tablets and removable media. They may also be used on desktops and servers. MDP systems and procedures are needed to protect business data privacy, meet regulatory and contractual requirements, and comply with audits. Buyers want common protection policies across multiple platforms, minimal support costs and proof that data is protected. Every company must include MDP in its IT operations plan."
"Vision is subjectively ranked according to a vendor's ability to show a broad commitment to technology developments in anticipation of user wants and needs that turn out to be on target with the market," notes the report. "Companies that lead in vision typically own, license or partner on products in other security and configuration management markets," the report continues. "They must also demonstrate management features that make their products easy to integrate with enterprise directories, and to interoperate with other enterprise security and management systems."
"Vision drives innovation, and innovation drives all advances in data protection," said Thi Nguyen-Huu, President & CEO, WinMagic Inc. "So WinMagic is very proud to be recognized as a visionary in Gartner's prestigious Mobile Data Protection Magic Quadrant for 2011," Nguyen-Huu continued. "WinMagic's heavy investment in R&D has driven many data protection breakthroughs -- such as SecureDoc with PBConnex, the first FDE solution with preboot networking -- that have eliminated the traditional barriers to data protection by making it just as easy to deploy, manage and use encrypted devices as unencrypted devices on Windows, Mac and Linux platforms."
WinMagic's recently signed global reseller agreement with Lenovo, combined with deep laptop integration with Lenovo laptops, affords WinMagic a new opportunity to raise competitive visibility.
"Our customers need the strongest data security available today, and by working with WinMagic to deliver SecureDoc for Lenovo, we've added another layer to businesses' defenses," said Peter Schrady, vice president and general manager, Software and Peripherals, Lenovo. "By integrating this solution with our existing tools like Rescue and Recovery and biometric fingerprint authentication we're making data protection simple for users and administrators."
WinMagic's SecureDoc full-disk encryption provides platform support for Microsoft Windows 2000 through 64-bit Windows 7, Mac OS X and Linux. Embedded system support includes Seagate encrypting drives, TCG encrypting drives, TPM, Intel AT and EFI. AES-NI is used to accelerate SSDs. WinMagic applies FIPS 140-2 encryption to SEDs. WinMagic has these FIPS and CC certifications: FIPS 140-2 Level 2 and CC EAL4. It was included in the GSA's SmartBuy award.
* Gartner, Inc., Magic Quadrant for Mobile Data Protection, John Girard, Eric Ouellet, September 7, 2011.
About The Magic Quadrant
The Magic Quadrant is copyrighted 2011, by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in The Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
About WinMagic Inc.
WinMagic's SecureDoc full-disk encryption solutions make it simple to protect all data on desktops, laptops, tablets and removable media including USB thumb drives, CD/DVDs, and SD Cards. Compatible with Microsoft Windows 7, Vista, XP, and 2000; Mac OS X Lion, Snow Leopard, Leopard and Tiger as well as Linux platforms, SecureDoc makes it just as easy to centrally manage and use standard drives and self-encrypting drives including Seagate and Opal compliant drives. WinMagic is trusted by thousands of enterprises and government organizations worldwide to minimize business risks, meet privacy/regulatory compliance requirements, and protect valuable information assets against unauthorized access. With a full complement of professional and customer services, WinMagic supports over three million SecureDoc users in approximately 43 countries. For more information, please visit www.winmagic.com , call 1-888-879-5879 or e-mail us at info@winmagic.com.
WinMagic, SecureDoc, SecureDoc Enterprise Server, Compartmental SecureDoc, SecureDoc PDA, SecureDoc Personal Edition, SecureDoc RME, SecureDoc Removable Media Encryption, SecureDoc Media Viewer, SecureDoc Express, SecureDoc for Mac and SecureDoc Central Database are trademarks and registered trademarks of WinMagic Inc., registered in the US and other countries. All other registered and unregistered trademarks herein are the sole property of their respective owners. (C) 2011 WinMagic Inc. All rights reserved.
SOURCE: WinMagic Inc.
http://www.marketwatch.com/story/winmagic-recognized-as-a-visionary-in-mobile-data-protection-magic-quadrant-2011-09-29
It looks like the "Irish Rover" that I spotted earlier this month in Tampa.
4 simple steps to bulletproof laptop security
August 31, 2011
Follow these tips, tools, and techniques to protect your Windows notebook against theft, intrusion, and data loss
1. A TPM (Trusted Platform Module) in the notebook in question. Notebooks equipped with a fingerprint reader generally have a TPM included, and BitLocker uses the TPM as a safe place to store the encryption keys.
2. A removable USB drive which serves as a boot key for the system. By default BitLocker looks for a TPM, so it will need some administrative modification to use a USB key.
I've used BitLocker on notebooks both with and without TPM. On the whole, TPM makes it far simpler, but there's no appreciable difference in functionality on a system that's protected by USB key only. If you plan on using a USB key, do yourself a favor and spend some money to buy the smallest USB drive you can find (that you're confident you won't lose). This makes it less onerous to plug and unplug, especially if you find yourself doing so on the train.
http://www.infoworld.com/d/security/4-simple-steps-bulletproof-laptop-security-171130?page=0,0
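The two BitLocker protector options from the InfoWorld excerpt above, as an added example that is not part of the article: it checks for an enabled TPM, applies the "administrative modification" needed when there is none, and then hands the chosen protector set to manage-bde.exe. Assumptions: Windows 7 or later, an elevated prompt, OS volume C:, USB stick at E:\; the two registry values written on the no-TPM path are my understanding of what backs the Group Policy "Require additional authentication at startup" and should be verified against your Windows build.

```python
"""Choose a BitLocker startup protector (TPM or USB startup key) and apply it with manage-bde.
Added example, not the article's or Microsoft's code. Assumes Windows 7+, elevated shell,
OS volume C:, USB stick at E:\\."""
from __future__ import annotations

import subprocess
import sys

OS_VOLUME = "C:"
USB_DRIVE = "E:\\"
# Assumption: registry path behind the "Require additional authentication at startup" policy.
FVE_POLICY_KEY = r"SOFTWARE\Policies\Microsoft\FVE"


def plan_protectors(tpm_present: bool, os_volume: str = OS_VOLUME,
                    usb_drive: str = USB_DRIVE) -> list[list[str]]:
    """Return the manage-bde invocations for the protector set described in the article.
    Both paths also add a recovery password: a lost stick or a TPM reset after a firmware
    update must not turn the laptop into a brick."""
    if tpm_present:
        protector = ["manage-bde", "-protectors", "-add", os_volume, "-TPM", "-RecoveryPassword"]
    else:
        protector = ["manage-bde", "-protectors", "-add", os_volume,
                     "-StartupKey", usb_drive, "-RecoveryPassword"]
    return [protector, ["manage-bde", "-on", os_volume]]


def tpm_present() -> bool:
    """Ask WMI (through Windows PowerShell, shipped since Windows 7) whether an enabled TPM exists."""
    cmd = ["powershell", "-NoProfile", "-Command",
           r"(Get-WmiObject -Namespace root\cimv2\Security\MicrosoftTpm -Class Win32_Tpm).IsEnabled_InitialValue"]
    out = subprocess.run(cmd, capture_output=True, text=True).stdout.strip()
    return out.lower() == "true"


def allow_bitlocker_without_tpm() -> None:
    """The 'administrative modification': let BitLocker accept a USB startup key with no TPM."""
    import winreg  # Windows-only; imported here so plan_protectors() stays importable elsewhere
    with winreg.CreateKeyEx(winreg.HKEY_LOCAL_MACHINE, FVE_POLICY_KEY, 0, winreg.KEY_SET_VALUE) as key:
        winreg.SetValueEx(key, "UseAdvancedStartup", 0, winreg.REG_DWORD, 1)
        winreg.SetValueEx(key, "EnableBDEWithNoTPM", 0, winreg.REG_DWORD, 1)


def main() -> int:
    has_tpm = tpm_present()
    if not has_tpm:
        allow_bitlocker_without_tpm()
    for cmd in plan_protectors(has_tpm):
        print("+", " ".join(cmd))
        rc = subprocess.run(cmd).returncode
        if rc != 0:
            return rc
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Print the recovery password that manage-bde emits and store it off the machine before the first reboot; with a USB-only protector the stick is the only other way in.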
Rackmount Server targets military applications.
ThomasNet Industrial News Room
With the Intel® Trusted Execution Technology and the on-board Trusted Platform Module (TPM 1.2), the Kontron KISS Server also offers high confidentiality ...
http://news.thomasnet.com/fullstory/Rackmount-Server-targets-military-applications-601016
A Tech Veteran Offers an in Depth, Inside Analysis of the Google/Motorola Deal (GOOG, MMI, MSFT, NOK, AAPL, RIMM, ORCL, DELL)
8/18/2011
"I’m still not convinced Wall Street appreciates Google’s cloud strategy. What slipped by them is the importance of Google’s inclusion of a $3 Trusted Platform Module (TPM) in its Cloudbooks. Why do you think Google had manufacturers put a $3 piece of silicon in a Cloudbook that is designed to sell for less than $300? It wasn’t because they wanted the ballast – Google is putting together a secure cloud strategy and with Motorola it will be able to expand it to smartphones."
http://www.tickerspy.com/newswire/?p=5068
The Role of Trusted Infrastructure in Application Deployment
(long article)
http://soa.sys-con.com/node/1942522
Microsoft to pay $250,000 for hot new security defenses
In search of new ideas
By Dan Goodin in Las Vegas Posted in Security, 4th August 2011 04:37 GMT
Microsoft is offering more than $250,000 to researchers who develop new security defenses to protect Windows users against attacks that exploit software bugs.
Microsoft's Blue Hat Prize announced on Wednesday at the Black Hat security conference will pay $200,000 for the best “novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities.” The two runners up will receive $50,000 and a MSDN Universal subscription valued at $10,000, respectively.
“The Microsoft BlueHat Prize contest is designed to generate new ideas for defensive approaches to support computer security,” the software maker's announcement stated. “As part of our commitment to a more secure computing experience, we hope to inspire security researchers to develop innovative solutions intended to address serious security threats.”
Microsoft over the years has added an alphabet soup of protections to its software that are designed to mitigate the damage that can be done when hackers discover buffer overflows and other bugs that inevitably afflict any complex piece of code. ASLR, or address space layout randomization; DEP, or data execution prevention; SEHOP, or structured exception handling overwrite protection; and SafeSEH are just some of the examples.
The protections aren't intended to prevent bugs, but rather to prevent attackers from exploiting them to steal data or remotely execute malicious code on vulnerable systems.
“This is the first and largest incentive prize ever offered by Microsoft, and possibly the industry, for defensive computer security technology,” Matt Thomlinson, general manager of Microsoft’s Trustworthy Computing Group, wrote. “In the age of increased risk of attacks on personal, corporate and government computer systems, Microsoft recognizes the need to encourage and nurture innovation in the area of exploit mitigations.”
Wednesday's announcement came a week after Facebook joined Mozilla and Google in paying cash bounties to researchers who privately report security vulnerabilities in their software and services. Microsoft continues to steadfastly refuse to reimburse bug discoverers for the time and expertise they provide in helping stamp out bugs on the Windows platform.
http://www.theregister.co.uk/2011/08/04/microsoft_blue_hat_prizes/
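The mitigations the Register piece lists are opt-in per binary, and the opt-in is recorded in the PE header. As an added example (not code from the article or from Microsoft), the following reads the DllCharacteristics word of a Windows executable and reports whether it asked for ASLR and DEP; it uses only the standard library and the offsets from the PE/COFF specification. SafeSEH and SEHOP are deliberately not reported: SafeSEH's handler table lives in the load-config directory, and SEHOP is enforced by the OS at runtime rather than recorded in the image. The `build_minimal_pe` helper constructs a headers-only sample so the parser can be run offline; it is not a real program.

```python
"""Report the compile-time exploit mitigations a Windows PE file opted into.
Added example, standard library only."""
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits from winnt.h
DLL_FLAGS = {
    0x0020: "HIGH_ENTROPY_VA",  # 64-bit ASLR over the full address range
    0x0040: "DYNAMIC_BASE",     # ASLR: image may be relocated at load time
    0x0100: "NX_COMPAT",        # DEP: image tolerates a non-executable stack and heap
    0x0400: "NO_SEH",           # image registers no SEH handlers at all
    0x4000: "GUARD_CF",         # Control Flow Guard (newer than the 2011 article; for completeness)
}


def pe_mitigations(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header and decode the flags."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)  # 20-byte COFF header
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both the PE32 and the PE32+ optional header
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]
    result = {"machine": machine, "pe32plus": magic == 0x20B, "dllcharacteristics": dllchar}
    for bit, name in DLL_FLAGS.items():
        result[name] = bool(dllchar & bit)
    result["aslr"] = result["DYNAMIC_BASE"]
    result["dep"] = result["NX_COMPAT"]
    return result


def build_minimal_pe(dllchar: int, pe32plus: bool = True) -> bytes:
    """Constructed sample: a headers-only PE image with the requested DllCharacteristics.
    Not a runnable program; it exists so pe_mitigations() can be exercised offline."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dllchar)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def main(paths):
    for path in paths:
        with open(path, "rb") as f:
            r = pe_mitigations(f.read())
        flags = ", ".join(n for n in DLL_FLAGS.values() if r[n]) or "none"
        print(f"{path}: ASLR={r['aslr']} DEP={r['dep']} ({flags})")


if __name__ == "__main__":
    main(sys.argv[1:])
```

Run it over a directory of DLLs to find the one module without DYNAMIC_BASE that an attacker would use to defeat ASLR for the whole process.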
Infineon to launch TPM chips for Chrome-based OS devices
Wednesday 27 July 2011 | 08:54 CET
Chipmaker Infineon Technologies is launching Trusted Platform Module (TPM) chips for devices running Google's Chrome-based OS. Chromebooks are designed to provide a secure experience for people who use computing devices to access the internet and use web-based applications. One part of the design is called 'defense in depth,' which provides multiple levels of protection against malware. The security architecture includes hardware-backed features, including functions that are supported by the TPM chip built-in to every Chromebook. Infineon offers hardware and software products for Trusted Computing in compliance with the specifications published by the Trusted Computing Group (TCG). Infineon's TPM is a standard compliant TPM that has passed the TCG's certification process and achieved the Common Criteria EAL 4+ certification. In addition to the TPM chip, Infineon provides its TPM professional package security software offering management and application support.
http://www.telecompaper.com/news/infineon-to-launch-tpm-chips-for-chrome-based-os-devices
Contractor trio wins $363M for Special Ops IT assistance
Five-year IDIQs will boost delivery and performance of specialty services
By David Hubler, Jul 15, 2011
Three well-known government contractors have won five-year Defense Department contracts worth a total of $362 million for IT assistance, according to a July 14 DOD announcement.
Booz Allen Hamilton Inc., Dell Services Federal Government and DRS Technical Services Inc., were each awarded indefinite-delivery, indefinite-quantity Special Operations Forces IT Enterprise Contracts, known as SITEC, in support of the U.S. Special Operations Command (USSOCOM).
The contractors will assist the government in performing the daily operations necessary to facilitate the Special Operations Command's ability to effectively and efficiently optimize delivery and performance of specialty services to sustain and maintain USSOCOM's global enterprise IT specialty services environment, the DOD announcement said.
The work will be performed primarily at MacDill AFB, Fla., with limited work in and outside the United States.
The U.S. Special Operations Command is the contracting activity.
http://washingtontechnology.com/article ... tance.aspx
Awk - Outstanding response. Thanx
Intel developing security 'game-changer'
January 26, 2011
Intel CTO says new security technology will not depend on signatures but will stop zero-day attacks in their tracks
By Sharon Gaudin
Intel's chief technology officer says the chip maker is developing a technology that will be a security game changer.
Justin Rattner told Computerworld on Tuesday that scientists at Intel are working on security technology that will stop all zero-day attacks. And, while he would give few details about it, he said he hopes the new technology will be ready to be released this year.
"I think we have some real breakthrough ideas about changing the game in terms of malware," Rattner said. "We're going to see a quantum jump in the ability of future devices, be they PCs or phones or tablets or smart TVs, to defend themselves against attacks."
He noted that the technology won't be signature-based, like so much security is today. Signature-based malware detection is based on searching for known patterns within malicious code. The problem, though, is that zero-day, or brand-new, malware attacks are often successful because they have no known signatures to guard against.
Intel is working around this problem by not depending on signatures.
And the technology will be hardware based, though it's still unclear if it will have a software component.
"Right now, anti-malware depends on signatures, so if you haven't seen the attack before, it goes right past you unnoticed," said Rattner, who called the technology "radically different".
"We've found a new approach that stops the most virulent attacks. It will stop zero-day scenarios. Even if we've never seen it, we can stop it dead in its tracks," he said.
Dan Olds, an analyst with The Gabriel Consulting Group, said if this technology works as Rattner says it will, it could be a major advance for computer security.
"If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware," Olds said. "The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD."
And Olds noted that technology that takes advantage of hardware could be interesting.
"The best security is a combination of hardware and software," he said. "Hardware security can be stronger and faster in some situations, but isn't as flexible as software-only mechanisms. The big change here is that it sounds like Intel is pulling security functions into the chip or the chipset."
Rattner said Intel researchers were working on the new security technology before the company moved to buy security software maker McAfee. However, he said that doesn't mean that McAfee might not somehow be involved.
With that $7.68 billion deal, Intel will become more than just a chip maker. It will become a security company, as well.
Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld. Follow Sharon on Twitter at @sgaudin or subscribe to Sharon's RSS feed. Her email address is sgaudin@computerworld.com.
http://www.infoworld.com/d/security-central/intel-developing-security-game-changer-495
Hacker Hawks Compromised Military, University Web Sites
By Andrew R Hickey, CRN
Jan. 24, 2011 9:03 AM EST SHARE:
A brazen hacker is selling hacked government, military and education Web sites in an underground black market and commanding anywhere from $55 to $499 a pop, database security firm Imperva has discovered.
Imperva published several redacted screenshots -- complete with typos -- showing the hacker's marketplace. The sites offered include major .gov, .mil and .edu domains in the U.S. and Europe. Some of the hacked Web sites offered for sale include university Web sites, a Department of Defense domain, a site belonging to the U.S. Army and a National Guard site.
Along with the hacked Web sites, the hacker also has for sale the administrative login credentials to hacked sites and personal data stolen from other compromised Web sites for $20 per 1,000 records, Imperva noted.
One screen shot indicates that the hacker is attempting to sell a list of University of Connecticut staff, which includes the uconn.edu e-mail address and phone numbers in the 860 area code. Another screenshot shows the hacker trying to prove his access to the sites by highlighting the admin interface of another major university.
In its blog post highlighting the hacked Web site sale-a-thon, Imperva said it is likely that SQL injection vulnerabilities were the root cause of the security holes in the victimized sites and that the hacker used some kind of a scanner to seek out specific vulnerabilities that he knew could be exploited using automated tools.
"The victims' vulnerabilities were probably obtained by SQL injection vulnerability automatic scanner and exploited in automatic manner, as the hacker published his methods in a post in some hacker forum…," Imperva wrote.
While it appears that the hacker has accessed the sites that are up for sale, it is not 100 percent proven. Some security researchers suggest that it is part of a larger grift designed to scam the potential buyers of the hacked Web site and documents.
But Brian Krebs, security blogger and former reporter for The Washington Post, is convinced the hacks and the Web site sales are legit. In his KrebsonSecurity blog, Krebs posted an unedited version of the list of Web sites for sale by the hacker, a screenshot originally posted by Imperva with redactions.
"I've seen some of the back-end evidence of his hacks, so it doesn't seem like he's making this up," Krebs wrote of the hacker.
http://www.crn.com/news/security/229100081/hacker-hawks-compromised-military-university-web-sites.htm
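Imperva's guess above is that the sites fell to automated SQL injection scanning. As an added example, not code from the CRN article or from Imperva, here is the query shape that makes a login form fall over to that kind of scanner, the parameterized form that does not, and the crude error-based probe such scanners start with. The in-memory SQLite table, its two rows and the plaintext passwords are constructed for the demonstration only; a real system stores password hashes, and the point here is the SQL, not the credential handling.

```python
"""Vulnerable versus parameterized login query, plus the one-quote probe a scanner uses to find the first.
Added example with a constructed in-memory SQLite database."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data; plaintext passwords are for the demonstration only."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [("admin", "correct horse", "admin"), ("alice", "hunter2", "staff")])
    return con


def login_vulnerable(con: sqlite3.Connection, username: str, password: str):
    """User input is pasted into the SQL text, so input can change the query's grammar."""
    q = (f"SELECT username, role FROM users "
         f"WHERE username = '{username}' AND password = '{password}'")
    return con.execute(q).fetchone()


def login_safe(con: sqlite3.Connection, username: str, password: str):
    """Same query, but the values travel as bound parameters and can never become SQL."""
    q = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return con.execute(q, (username, password)).fetchone()


def error_based_probe(login, con: sqlite3.Connection) -> bool:
    """First step of an automated scanner: a lone quote that breaks the SQL grammar produces a
    database error from a vulnerable endpoint and nothing unusual from a safe one."""
    try:
        login(con, "admin'", "x")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    payload = "admin' --"          # closes the string, then comments out the password check
    print("vulnerable:", login_vulnerable(db, payload, "wrong"))
    print("safe:      ", login_safe(db, payload, "wrong"))
    print("probe (vulnerable):", error_based_probe(login_vulnerable, db))
    print("probe (safe):      ", error_based_probe(login_safe, db))
```

The `--` payload shows why "admin" is the first username every scanner tries: the comment discards the password clause and the first matching row is the most privileged account.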
Data Protection for Media Creation – Storage Visions 2011
January 4, 2011,
Storage Visions Conference, Las Vegas: a panel looked at various aspects of finding, protecting, and using content. Panel moderator Robert Thibadeau was from Wave Systems and panelists were Michael Willett from Samsung, Aidan Herbert from Wave Systems, Subodh Kulkarni from Imation, Scott Wright from Toshiba America, Molly Richter from Spectralogic, Chris Bross from Drivesavers, and Sean Barry from Kroll Ontrack.
Recently we've been hearing a lot of news about data security breaches potentially leading to identity theft. There are many state and federal laws regarding data security and some of these extend to contractors. By instituting centrally managed encryption, a company only needs to disclose data loss and cannot be held liable for any other outcomes of the security breach.
Willett, a storage security strategist, espoused changing storage to self-encrypting solid-state drives, where a hardware encryption engine is integrated into the controller. This provides all the benefits of SSD plus the ability to have secure data storage. Encryption can save a company a lot of money. The average cost to a company for a data breach incident is about $6.6 million, or about $202 per lost record. Encryption provides compliance with legal requirements while also permitting data mobility when drives are removed from the data center.
The Trusted Computing Group has developed standards for data security. Although the standard does not distinguish between hardware and software encryption methods, a self-encrypting drive will have a higher throughput than any software solution. As a result, a data center will have higher performance storage with fewer management issues and lower overall lifetime operating costs compared to standard hard drives. Self-encrypting drives with an integrated solid-state drive and encryption hardware will eventually displace most disk drives in large systems.
Herbert advocates secure storage on the drive and also in the cloud. At the system level, IP traffic is changing to stream-based data flows. As a result, the storage systems need to be based on a flow-through architecture which provides low latency and low power for operations. Streaming operations differ significantly from standard architectures. Standard architectures and protocols require extensive bit fiddling which induces high overhead and slows down system-level performance.
Software security solutions are highly intrusive, so hardware with embedded encryption engines are better choices for storage arrays. Among the security benefits of hardware encryption are lockout capabilities to prevent local overrides and eliminate all access upon some number of failed access attempts. In the future, a PKI-based authentication scheme might be possible. This would allow the user to block mode an array and could be integrated with IPSEC or PKI security.
Embedded encryption enables TPM, an embedded smart card for the cloud which changes a subscription base to a transaction. TPM allows secure migration of encryption keys.
Kulkarni discussed various methods of protection for storage. He mentioned some statistics on data breaches and noted that of the more than 16 million breaches last year, over 70 percent of those associated with small and medium-sized businesses caused the businesses to fail.
The key management challenge is to incorporate encryption and security techniques into standard procedures. Physical security, such as RFID or GPS tags to track data cartridges, is readily available. There are many levels of authentication for security ranging from very weak to very strong. Currently most removable media have password protection built in, but most users are not implementing even this minimal level of security. Because different parts of the industry have varying needs, a single solution usually is not a complete solution.
Wright illustrated another example of potential security leaks. The latest high-volume office copiers have added new features so they now perform copying, printing, faxing, scanning, and various other tasks while attached to a network. To store and sequence jobs, these copiers now include a hard disk drive. These drives provide another source of leaks and increase operating costs.
Recently, a television station bought some used multipurpose office copy machines and found large volumes of individual information still on the hard drives. The hard disk drives are nonvolatile and even though encryption is included, it's not used and the users have no decommissioning protocols. After broadcasting this story, the Federal Trade Commission issued a guidance on copier equipment data storage and security.
In this case, data security involved the entire ecosystem. All necessary security features were already in place. There was software encryption, purge on output, and print on authentication built into the machine. This example was only one of many similar types of security holes. As a result, it's highly recommended that people use self-encrypting drives that include cryptographic erase and wipe-on-power-cycle capabilities. These functions will allow managers to reduce security costs through the use of standard security features.
Richter noted that new data creation was more than 160 exabytes last year and should exceed 1.2 ZB this year. Most of these data are unstructured and include video and other rich media, and some of these data sets need to be stored for as much as seven years. As a result, users are changing their technology to use more tape and less hard disk drives for storing this content.
Unfortunately, about 70 percent of all existing capacity is misused. Many files are inert, orphaned, or contraband, or are allocated but not used. An active archive can address these issues by creating a single filesystem for all data and data types in storage and using a mixture of technologies. The structure permits all files to have the same access, and media can reside in a mixture of RAM, HDD, and tape.
The type of storage medium is determined by the content and can flow up and down through tiers of storage. An automated storage hierarchy requires changes in software and file system virtualization. Many companies have instituted a waterfall hierarchy of storage but they never bother to recover any data. The higher performance levels would use SCSI/SAS or Fibre Channel interfaces, the high-volume areas would probably be SATA, and the less frequently used data would be somewhere in the network.
Bross noted that recovery is already difficult and encrypted drives would be even harder. Backup without the restore is not a viable option, so this becomes a greater technology challenge and must be addressed by the IT departments and security policies. These policies will set file level encryption. New technologies in the latest triumphs like scan on track will help users protect the data, but users need more automation since most backup tools are proprietary. Somehow, drive manufacturers need to build in some type of data recovery mechanism to supplement self-encrypting drives. This feature, unfortunately, would tend to defeat the value of the encryption.
http://mandetech.com/2011/01/20/data-protection-for-media-creation-storage-visions-2011/
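Three points from the Storage Visions panel above are easier to see in code than in prose: Willett's claim that a self-encrypting drive keeps the media key inside the controller, Herbert's lockout after some number of failed access attempts, and Wright's "cryptographic erase", which sanitises a drive without rewriting a single sector. The following is an added example, not code from the panelists, Wave Systems or any drive vendor: a pure standard-library model of such a drive. An HMAC-SHA256 keystream tweaked per LBA stands in for the AES-XTS engine a real drive uses and is not a production cipher; the five-attempt lockout limit is an assumption; the drive contents are constructed sample bytes.

```python
"""Model of a self-encrypting drive: media key wrapped by a credential-derived key,
failed-unlock lockout, and cryptographic erase. Added example, standard library only;
the HMAC keystream is a stand-in for the drive's AES-XTS engine, not a real cipher."""
import hashlib
import hmac
import os

MAX_FAILED_UNLOCKS = 5      # assumption: the drive blocks further attempts after this many failures
PBKDF2_ITERATIONS = 100_000


def _keystream(key: bytes, tweak: bytes, length: int) -> bytes:
    """PRF in counter mode, tweaked per sector the way XTS is tweaked. Illustrative only."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, tweak + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SelfEncryptingDrive:
    def __init__(self) -> None:
        self._active_mek = os.urandom(32)  # a fresh drive always encrypts, but nothing protects the key yet
        self._media = {}                   # lba -> ciphertext: what someone who pulls the flash chips sees
        self._salt = b""
        self._wrapped_mek = None           # MEK encrypted under the credential-derived KEK
        self._check = b""
        self._failed = 0
        self._blocked = False

    def _kek(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, PBKDF2_ITERATIONS, dklen=32)

    def set_credential(self, password: str) -> None:
        """Wrap the MEK under a KEK derived from the credential; the MEK never leaves the controller."""
        self._salt = os.urandom(16)
        kek = self._kek(password)
        self._wrapped_mek = _xor(self._active_mek, _keystream(kek, b"mek-wrap", 32))
        self._check = hmac.new(kek, self._wrapped_mek, hashlib.sha256).digest()

    def lock(self) -> None:
        """Power-off or explicit lock: the plaintext MEK is dropped from controller memory."""
        if self._wrapped_mek is None:
            raise RuntimeError("no credential set: locking would make the data unrecoverable")
        self._active_mek = None

    def unlock(self, password: str) -> bool:
        if self._blocked:
            raise PermissionError("drive is locked out after too many failed attempts")
        if self._wrapped_mek is None:
            raise RuntimeError("no credential set; the drive is not locked")
        kek = self._kek(password)
        expected = hmac.new(kek, self._wrapped_mek, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, self._check):
            self._failed += 1
            if self._failed >= MAX_FAILED_UNLOCKS:
                self._blocked = True
            return False
        self._failed = 0
        self._active_mek = _xor(self._wrapped_mek, _keystream(kek, b"mek-wrap", 32))
        return True

    def _keystream_for(self, lba: int, length: int) -> bytes:
        if self._active_mek is None:
            raise PermissionError("drive is locked")
        return _keystream(self._active_mek, lba.to_bytes(8, "big"), length)

    def write(self, lba: int, data: bytes) -> None:
        self._media[lba] = _xor(data, self._keystream_for(lba, len(data)))

    def read(self, lba: int) -> bytes:
        ct = self._media[lba]
        return _xor(ct, self._keystream_for(lba, len(ct)))

    def raw_media(self, lba: int) -> bytes:
        """What a forensic read of the bare media returns: ciphertext, with or without the key."""
        return self._media[lba]

    def crypto_erase(self) -> None:
        """Instant sanitisation: discard the MEK and mint a new one. No sector is rewritten,
        yet every existing sector now decrypts to noise."""
        self._active_mek = os.urandom(32)
        self._wrapped_mek = None
        self._check = b""
        self._failed = 0
        self._blocked = False


if __name__ == "__main__":
    drive = SelfEncryptingDrive()
    drive.write(0, b"patient record 42")          # constructed sample data
    drive.set_credential("correct horse")
    drive.lock()
    print("wrong password accepted:", drive.unlock("wrong"))
    print("right password accepted:", drive.unlock("correct horse"), drive.read(0))
    before = drive.raw_media(0)
    drive.crypto_erase()
    print("media unchanged by erase:", drive.raw_media(0) == before)
    print("after erase reads back:  ", drive.read(0))
```

The copier story in the same write-up is the failure mode this model guards against: the drives in those machines encrypted, but no credential was ever set and no erase was ever issued, so a fresh power-on read everything back.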
ST Latest Generation Set-Top Box Chips Support the NDS VideoGuard Security Kernel
GENEVA, Jan. 19, 2011.
STMicroelectronics (NYSE: STM), a leading supplier of set-top-box (STB) ICs, has announced it is the first to sample STB decoder chips providing support for next-generation security and content protection technologies that include the NDS VideoGuard Security Kernel and DVB-CSA3 descrambler system.
The first ST device to implement these technologies is the ST's STi7108 decoder IC, which delivers enhanced user experiences and allows consumers to experience broadcast, Internet or personal content on the TV, intuitively and at any time. The STi7108 joins ST's successful STi710x video decoders, and also provides features to support 3D graphics user controls, 3D TV, content protection, and rich connections to external devices.
The NDS Security Kernel is the latest generation of embedded security solutions from NDS designed to protect media content and operator services with future-proof technology to address changing market needs. The security kernel, an element of the NDS VideoGuard content protection solution, features the increased levels of security required to enable new digital media marketplaces with solutions such as Control Word Protection and the ability to enable DRM technologies.
In addition to the NDS Security Kernel, the STi7108 will also provide support for DVB-CSA3, which is the latest generation of broadcast descrambler specifications licensed by ETSI. This new specification is designed to replace DVB-CSA2 and provide protection against the next generation of attacks against descramblers that are likely to become viable in a few years time.
"To maintain the level of market-leading security that we pride ourselves on providing to our customers you have to consider the end-to-end solution, and for us an integral part of that solution is integrated on the chipset," said Martin Kaufmann, Vice President, Consumer Device Platforms, NDS. "The integration of the NDS Security Kernel on ST chipsets ensures that our customers are able to introduce the best possible solution for their platform with industry leading partners such as ST."
"ST is one of the first to offer set-top-box chips implementing the next-generation NDS Security Kernel, enabling the delivery of high-value media content and services and complementing the features of best-in-class user experience for consumer equipment based on the STi7108," said Eric Jumelet, Group Vice President for Business Management, Home Video Division, STMicroelectronics. "STi7108 has already been introduced and is the first in ST's third generation of high-definition chips that provide the end user with a really exciting 3D HDTV user experience, thanks to its unprecedented CPU performance allowing smooth web experience, while delivering market-leading energy efficiency due to its low power configurable architecture, and low power manufacturing process."
Volume production of the STi7108 with the NDS VideoGuard Security Kernel and DVB-CSA3 is scheduled to start early in 2011.
Further Technical Information on the STi7108
The STi7108 has dual CPU host processors linked to a 256K L2 cache providing up to 3000 DMIPS performance
A 3D graphics engine enables a new class of user interfaces, supports innovations such as 3D Electronic Program Guide (EPG), and enables advanced Internet content and high-performance gaming on the STB. It is the first set-top box IC in the market to combine 3D graphics, Ethernet, USB and e-SATA interfaces to connect Internet devices, DVR storage or external Flash or hard-disk (HDD) drives.
The STi7108 utilizes the ARM® Mali-400™ graphics processor to deliver a powerful 3D experience up to high-definition resolution.
The STi7108 is able to decode video in industry-standard formats, including H.264, MVC, MPEG2, VC-1 or WMV9 Internet video, and MPEG4 part 2, up to high-definition resolutions 1080p 50/60 simultaneously with 1080i/720p picture-in-picture or mosaic formats. The device has flexible memory-interface options offering dual 32/16-bit LMI DDR2/DDR3 at 1066MHz.
The device provides inputs for up to six transport streams, and provides full-resolution HD 3DTV over HDMI 1.4 with HDCP copy protection. Support for content sharing, according to the Digital Living Network Alliance (DLNA) specification, will also allow use in next-generation HD media players and OTT (Over The Top) set-top boxes.
Together with other integrated processors, including an audio processing subsystem and 2D-graphics handling, the STi7108 allows a significant leap in performance over products currently in mass production, thereby providing increased scope for STB designers to create multimedia value-added features and services to differentiate their products in the marketplace.
STMicroelectronics: 20/01/2011
http://www.smartcardstrends.com/det_atc.php?idu=13626&main=dd69a4b741c31644a8128ccd6d23b1ec
White House: Private Sector Must Lead Internet Security Fight
By John K. Higgins
E-Commerce Times
01/18/11 5:00 AM PT
The proper role for the U.S. government in strengthening e-commerce security is that of catalyst and coordinator, said NIST policy advisor Ari Schwartz. "This effort will not work if the government takes it over. We can't run it ourselves, but the government can have a role in such things as standards development and interoperability."
The world of Internet commerce is booming -- but on a parallel track, identity theft, loss of privacy and fraud are skyrocketing as well. While the government has a role in combating Internet security abuses, two top administration officials visited Silicon Valley to emphasize that the private sector needs to lead the way in developing innovative IT security solutions.
At a cybersecurity forum in Palo Alto, Calif., earlier this month, U.S. Commerce Department Secretary Gary Locke announced the creation of a national program office at the department to focus on improving the security of sensitive online transactions.
"E-commerce sales for the third quarter of 2010 were estimated at more than (US)$41 billion, up 13 percent over the same period for last year. Early reports indicate that the recent holiday season saw similar growth. Despite these ongoing successes, the reality is that the Internet still faces something of a 'trust' issue," Locke said at the forum hosted by Stanford University, "and the Internet will not reach its full potential until users and consumers feel more secure than they do today when they go online."
Internet Security Catalyst
The office will function as a major vehicle for implementing the forthcoming National Strategy for Trusted Identities in Cyberspace (NSTIC) in both the public and private sectors. The goals of the office include the following:
1) building a consensus on legal and policy issues to make the trusted identities strategy successful, including ways to enhance privacy, free expression and open markets;
2) working with the private sector to identify where new standards or collaborative efforts may be needed;
3) supporting intergovernmental collaboration; and
4) promoting important pilot projects.
"We see the office as a catalyst and coordinator for promoting Internet security," Ari Schwartz, senior internet policy advisor at the National Institute for Standards and Technology (NIST), told the E-Commerce Times. "The private sector will be a major, if not leading, factor. This effort will not work if the government takes it over. We can't run it ourselves, but the government can have a role in such things as standards development and interoperability."
NIST is an agency within the Commerce Department and will likely be assigned to operate the program office.
Private Sector Challenged
At the forum, White House cybersecurity coordinator Howard Schmidt alluded to some of the technologies that need to be developed to enhance security in the future, including personal credential mechanisms that reduce the need for multiple passwords; that limit the vulnerability of using one password repeatedly for many years; and that overcome website security deficiencies.
The range of applications not only involves identity theft, but also limiting and controlling personal information gathered by Internet transactions.
"Hopefully, many of you will be involved in creating these technologies to help bring us forward," Schmidt told the IT developers attending the forum.
While the program office may concentrate on policy issues, it could also have a role in fostering technology innovations. "One way we can move the technology along is through the pilot projects that will be sponsored through the office," Schwartz said. "We don't have a pilot project budget for 2011, but we hope that next year we can start rolling them out."
Creation of the program office is supported by businesses.
"The rapid pace of innovation for identity management, security and privacy technologies traditionally outpaces that of the rate of adoption in the government market," Jennifer Kerber, vice president, federal and homeland security policy at TechAmerica, told the E-Commerce Times. "I hope the program office will promote innovation in the private sector and spread the word on these innovations in the public sector." TechAmerica, which represents major IT companies and organizations, cosponsored the Stanford forum.
"It's a natural fit for the program office in meeting the goal of the NSTIC to facilitate the private sector's ability to establish identity solutions and privacy-enhancing technologies," Kerber said. "Issues of trusted identity are not just faced by U.S. companies or the federal government. They are global in nature and require a partnership between government and industry."
--------------------------------------------------------------------------------
http://www.ecommercetimes.com/story/White-House-Private-Sector-Must-Lead-Internet-Security-Fight-71665.html
Dell taps insider to lead federal business unit
Richard Pineda promoted to replace Lee Carrick
By David Hubler Jan 18, 2011
Richard Pineda has been promoted to lead Dell Corp.’s Federal Government Services organization based in Fairfax, Va., effective immediately, according to a company statement released Monday.
He replaces Lee Carrick, who has left Dell to pursue other opportunities, said a company source speaking on background.
Pineda most recently served as the organization’s chief operations leader. As vice president he will be responsible for managing business strategy, overall operations and long-term growth.
Since joining Dell Services, formerly Perot Systems, in March 1997, Pineda has been instrumental in the growth of the organization’s consulting, business process outsourcing and service offerings. He helped expand the company’s presence in the federal marketplace in the areas of financial management and overall IT program management, the announcement states.
Before assuming his role as chief operations leader, Pineda led the organization’s Defense Department division as well as its consulting and professional services portfolio. In 2008 and 2009, his division achieved a 100 percent win rate on all re-compete competitions.
Pineda earned a bachelor’s degree in finance from Virginia Tech and an MBA with a concentration in finance and management information systems from George Washington University.
Dell Computer Corp., of Round Rock, Texas, ranks No. 11 on Washington Technology's 2010 Top 100 list of the largest federal government contractors.
http://washingtontechnology.com/articles/2011/01/18/dell-insider-federal-business-unit.aspx
SAP buys into identity management with Secude deal
Software firm will get Swiss security vendor's single sign-on technology
Phil Muncaster
V3.co.uk, 13 Jan 2011
SAP is to boost its capabilities in the identity and access management space by acquiring various parts of Swiss security firm Secude.
The German software company said that the deal will see Secude's Secure Login and Enterprise Single Sign-On products rolled into SAP's portfolio, meaning that customers will not have to shop around with third-party vendors to secure their apps.
SAP explained that it will provide a basic version of Secure Login to its customers and roll it into all new releases free of charge.
The company will also get development and consulting resources from Secude as part of the deal, while Secude will continue to operate as a separate business focusing on its FinallySecure portfolio of data protection products.
The acquired technology will be a good fit for SAP, given that Secude markets itself on its web site as delivering "world class IT and SAP security solutions".
"We are very pleased that, in closing this transaction, SAP is not only in a position to satisfy our customers' security requirements, but to expand the SAP NetWeaver Identity Management component to include Secure Login Server and Enterprise Single Sign-On," said Björn Goerke, senior vice president for technology and innovation platform core at SAP.
SAP's move represents an increasing need for software firms to build security into applications from the start, arising from customer-led pressure and the growing number of targeted attacks on business data.
It also highlights the tit-for-tat battle between SAP and arch rival Oracle, which acquired single sign-on vendor Passlogix in October last year in a bid to boost its own identity management capabilities.
http://www.v3.co.uk/v3/news/2274224/sap-secude-security-acquisition
Identity Ecosystem? Inside Uncle Sam's "trusted identity" plan
By Matthew Lasar
As we reported, on Friday the United States Department of Commerce and a host of privacy and security experts met at Stanford University to discuss the mapping out of an "Identity Ecosystem" for cyberspace.
That would be a place, Commerce Secretary Gary Locke explained at the event, "where individuals and organizations can complete online transactions with greater confidence... putting greater trust in the online identities of each other... and greater trust in the infrastructure that the transactions run across."
We know what you're thinking. Locke knows it too.
"Let's be clear," he quickly added. "We are not talking about a national ID card. We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities."
Indeed, no national ID card is being proposed. But judging from the draft blueprint of this concept that the Department of Homeland Security released last year, we are talking about a centralization of various forms of verification.
"This Strategy defines an Identity Ecosystem where one entity vets and establishes identities and another entity accepts them," the DHS' "National Strategy for Trusted Identities in Cyberspace," explains, leading to "an online environment where individuals, organizations, services, and devices can trust each other because authoritative sources establish and authenticate their digital identities."
The document laments that today's online environment is not "user-centric." Consumers enjoy "little control over their own personal information," and have "limited ability to utilize a single digital identity across multiple applications."
And while the system wouldn't rely on the government to be the sole provider of identities, Uncle Sam would play a crucial role in overseeing this process. Clearly, he already is.
A hospital stay
Probably the best way to illustrate the central goal of the draft National Strategy is to consider its outline of an ideal cybersecurity transaction. A woman wants medical data from a hospital where her husband has received care, the report explains. Specifically she wants to access blood test results via the hospital's website.
The hospital requires all such requests to be validated by a "strong credential" and patient approval for the data release. The woman can provide the credential via her cell phone because she and the hospital are using a "trustmark" issued by the "Ecosystem Framework."
So the consumer navigates to the hospital portal. The site authenticates itself to her device, assuring her that she isn't sending any data to a scammer. She's safe in this instance because her cell phone provider has issued a "Public Key Infrastructure" certificate, which is stored on her mobile via a "Trusted Platform Module" and verifies her identity.
Confident that the transaction is secure, the woman plugs her mobile into a computer via a USB cable. The hospital validates her credential, identity, and cell phone, checks that her husband has approved the release of the blood work, and lets her view the results.
The ecosystem's players
So there you have it: a broad, cross-platform proposal that clearly gets wireless ISPs heavily involved in creating and validating identities. The draft National Strategy outlines various key players and things in the Ecosystem.
The Individual—to be issued digital identities to complete transactions.
The Non-Person Entity (NPE)—such as organizations and services who would require authentication.
The Identity Provider—who is responsible for the processes involved in enrolling subjects (individuals and NPEs) in the system.
The Attribute Provider—who oversees the processes involved in creating, validating, and keeping up the attributes associated with identities, such as age.
The Relying Party—who makes transaction decisions based on the receipt of a subject's credentials.
The Trustmark—some kind of image, logo, badge, or seal that authenticates participation in the Identity Ecosystem. "To maintain trustmark integrity," the report explains, "the trustmark itself must be resistant to tampering and forgery; participants should be able to both visually and electronically validate its authenticity."
And finally, the Governance Authority, which oversees and maintains the Ecosystem Framework.
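As an added illustration of the hospital transaction and the ecosystem roles above (example code written for this digest, not from the draft Strategy or any NSTIC implementation), here is the relying party's decision logic: verify that the credential comes from a trustmarked Identity Provider, that the consent attribute comes from a trusted Attribute Provider, and that the patient has approved release of this record to this requester. All names, keys and records are constructed; HMAC tags stand in for the PKI signatures the draft describes.

```python
import hashlib
import hmac
import json

# Constructed "Ecosystem Framework" registry: which issuers carry a trustmark
# and the key that verifies their assertions. An HMAC key stands in here for
# the certificate a real Identity/Attribute Provider would hold.
FRAMEWORK = {
    "identity_providers": {"carrier-idp": b"idp-secret-k1"},
    "attribute_providers": {"hospital-consent": b"ap-secret-k2"},
}

def _sign(key, claims):
    """Deterministic tag over the canonical JSON form of the claims."""
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def issue(key, claims):
    """Issuer side: an Identity or Attribute Provider signs its claims."""
    return {"claims": claims, "sig": _sign(key, claims)}

def _verify(registry, assertion):
    """Return the claims only if the issuer is trustmarked and the tag verifies."""
    claims = assertion["claims"]
    key = registry.get(claims.get("issuer"))
    if key is None:
        return None
    if not hmac.compare_digest(_sign(key, claims), assertion["sig"]):
        return None
    return claims

def authorize_release(credential, consent, record, now):
    """Relying-party (hospital) decision: returns (allowed, reason)."""
    who = _verify(FRAMEWORK["identity_providers"], credential)
    if who is None:
        return False, "credential not from a trustmarked identity provider or tampered"
    if who["expires"] < now:
        return False, "credential expired"
    if who.get("assurance", 0) < 3:          # the scenario demands a strong credential
        return False, "strong credential required"
    grant = _verify(FRAMEWORK["attribute_providers"], consent)
    if grant is None:
        return False, "consent attribute not verifiable"
    if not (grant["patient"] == record["patient"]
            and grant["grantee"] == who["subject"]
            and record["type"] in grant["scopes"]):
        return False, "patient has not approved release to this requester"
    return True, "release approved"

# Constructed sample data: Alice's device-bound credential and Bob's consent.
NOW = 1_700_000_000
ALICE_CRED = issue(FRAMEWORK["identity_providers"]["carrier-idp"],
                   {"issuer": "carrier-idp", "subject": "alice", "assurance": 3,
                    "device": "phone-tpm-0001", "expires": NOW + 3600})
BOB_CONSENT = issue(FRAMEWORK["attribute_providers"]["hospital-consent"],
                    {"issuer": "hospital-consent", "patient": "bob",
                     "grantee": "alice", "scopes": ["blood_test"]})
BLOOD_TEST = {"patient": "bob", "type": "blood_test"}

def altered(assertion, **changes):
    """Demo helper: change claims without re-signing, to show the check catches it."""
    claims = dict(assertion["claims"])
    claims.update(changes)
    return {"claims": claims, "sig": assertion["sig"]}

if __name__ == "__main__":
    print(authorize_release(ALICE_CRED, BOB_CONSENT, BLOOD_TEST, NOW))
    print(authorize_release(altered(ALICE_CRED, subject="mallory"), BOB_CONSENT, BLOOD_TEST, NOW))
```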
Getting there
The government sees itself bringing this ecosystem into existence via a series of stages—quite a few of them, in fact. First, Washington will designate a Federal agency to do the work, which seems to be the Department of Commerce right now.
Second, the agency will coordinate initial private sector support for the plan. Third, the government will create pilot Ecosystem programs involving Federal service providers.
Fourth, the test departments will integrate their own statutorily required Fair Information Practice Principles (yes, FIPPs) into the project. These FIPPs require agencies to be clear and transparent about how they use public data. The government wants to expand the concept to the private sector as well.
Fifth, participants will build privacy and interoperability standards into the process (maybe this phase should come earlier?).
In stage number six, the project will address the "liability concerns of service providers and individuals." It looks as though the project will create rules for the system that allow for the fixing of security breaches without everyone suing each other's brains out, perhaps something like the Digital Millennium Copyright Act's safe harbor provisions. The last three stages involve promoting and improving the Ecosystem, including offering loans, tax breaks, and insurance grants for early adopters.
What's next
Obviously this is not the last version of this plan, which received quite a bit of feedback following its release in late June. But it offers a pretty good idea of where the government is headed.
The final version of the strategy "will be signed by the president in the coming months," Locke promised the Stanford crowd.
"We know that you understand the basic equation: the greater the trust, the more often people will rely on the Internet for more sophisticated applications and services," his comments concluded. "We look forward to working with you to build that trust."
http://arstechnica.com/security/news/2011/01/identity-ecosystem-inside-uncle-sams-trusted-identity-proposal.ars